PT-2026-42465 · Trend Micro · Apex One

Trendai Incident Response (Ir) Team

·

Published

2026-05-21

·

Updated

2026-06-12

·

CVE-2026-34926

CVSS v3.1

6.7

Medium

VectorAV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions Apex One (on-premise) versions prior to SP1 Build 18012 Apex One (new installs) versions prior to 17079 Apex One (SaaS agent) versions prior to 14.0.20731
Description A directory traversal issue in the on-premise management server allows an attacker with local or remote administrative credentials to modify a deployment table. By doing so, the attacker can inject malicious code into the next agent package distributed by the server. Consequently, every managed endpoint receives the payload during routine updates, turning the security software's distribution channel into a vector for deploying code to the systems it is intended to protect. At least one real-world exploitation attempt has been recorded.
Recommendations Update Apex One SP1 to Build 18012. Update new installations of Apex One to version 17079. Update SaaS agents to version 14.0.20731. Audit users with administrative access to the endpoint protection console and restrict access to the server to minimize the risk of exploitation.

Fix

LPE

Relative Path Traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-08141
CVE-2026-34926

Affected Products

Apex One