PT-2026-42465 · Trend Micro · Apex One
TrendAI Incident Response (IR) Team · Published 2026-05-21 · Updated 2026-05-25 · CVE-2026-34926
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Apex One (on-premise) versions prior to SP1 18012
Apex One (on-premise) new installs versions prior to 17079
Description
A directory traversal issue in the on-premise server allows a pre-authenticated local attacker with administrative credentials to modify a deployment table. By doing so, the attacker can inject malicious code into agent packages distributed by the server, which are then deployed to all managed endpoints during routine updates. This effectively turns the security infrastructure into a distribution channel for malicious payloads. There has been at least one recorded real-world attempt to exploit this issue.
Recommendations
Update Apex One SP1 to version 18012.
Update new installations of Apex One to version 17079.
Audit administrative access to the endpoint protection console and restrict access to the server to minimize the risk of exploitation.
Fix
LPE
Relative Path Traversal
Affected Products
Apex One