Cyber Resilience

CVE-2026-34926

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 21 May 2026

Published
21 May 2026
Modified
21 May 2026
KEV Added
21 May 2026
Patch
CVSS Score v3.1 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
EPSS Score 0.1268 95.8th percentile
Risk Priority 100 floored blend · peak EPSS

Summary

CVE-2026-34926 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Trendmicro (inferred from references). Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Software Deployment Tools (T1072); ranked in the top 4.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-34926 is a directory traversal vulnerability, tracked under CWE-23, that affects the Apex One on-premise server. The flaw could permit modification of a key table on the server, enabling injection of malicious code intended for deployment to connected agents on affected installations. The issue is restricted to the on-premise version of the product and carries a CVSS 3.1 score of 6.7.

A pre-authenticated local attacker who already possesses administrative credentials obtained through separate means and has direct access to the Apex One server can exploit the vulnerability. Successful exploitation allows the attacker to alter server-side tables and push malicious code to agents, resulting in high confidentiality impact along with limited integrity and availability effects under the given attack vector of local access, high complexity, and high privileges.

Public advisories and solution documents from Trend Micro, JVN, JPCERT, and CISA address the issue, with the vulnerability appearing in CISA's known exploited vulnerabilities catalog. These references provide guidance on available patches and mitigation steps for on-premise deployments.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable…

more

on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

CWE(s)
KEV Date Added
21 May 2026

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1072 Software Deployment Tools Execution
Adversaries may gain access to and use centralized software suites installed within an enterprise to execute commands and move laterally through the network.
Why these techniques?

Directory traversal enables modification of deployment configuration/table on the management server to push malicious code to agents, directly facilitating abuse of software deployment tools after admin access is obtained.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-64446Shared CWE-23both on KEV
CVE-2026-8361Shared CWE-23
CVE-2026-30345Shared CWE-23
CVE-2026-29778Shared CWE-23
CVE-2025-62878Shared CWE-23
CVE-2025-25130Shared CWE-23
CVE-2026-43616Shared CWE-23
CVE-2026-2818Shared CWE-23
CVE-2026-8073Shared CWE-23
CVE-2026-33733Shared CWE-23

Affected Assets

Trendmicro
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Input validation on file/path parameters directly blocks the directory traversal used to reach and modify the key table.

prevent

Enforces explicit authorization and restrictions before any modification of critical server tables or configuration artifacts.

detect

Cryptographic integrity checks or monitoring would detect unauthorized alteration of the key table before malicious code is pushed to agents.

References