CVE-2026-34926
Published: 21 May 2026
Summary
CVE-2026-34926 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Trendmicro (inferred from references). Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Software Deployment Tools (T1072); ranked in the top 4.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-34926 is a directory traversal vulnerability, tracked under CWE-23, that affects the Apex One on-premise server. The flaw could permit modification of a key table on the server, enabling injection of malicious code intended for deployment to connected agents on affected installations. The issue is restricted to the on-premise version of the product and carries a CVSS 3.1 score of 6.7.
A pre-authenticated local attacker who already possesses administrative credentials obtained through separate means and has direct access to the Apex One server can exploit the vulnerability. Successful exploitation allows the attacker to alter server-side tables and push malicious code to agents, resulting in high confidentiality impact along with limited integrity and availability effects under the given attack vector of local access, high complexity, and high privileges.
Public advisories and solution documents from Trend Micro, JVN, JPCERT, and CISA address the issue, with the vulnerability appearing in CISA's known exploited vulnerabilities catalog. These references provide guidance on available patches and mitigation steps for on-premise deployments.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31284
Vulnerability details
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable…
more
on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
- CWE(s)
- KEV Date Added
- 21 May 2026
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directory traversal enables modification of deployment configuration/table on the management server to push malicious code to agents, directly facilitating abuse of software deployment tools after admin access is obtained.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Input validation on file/path parameters directly blocks the directory traversal used to reach and modify the key table.
Enforces explicit authorization and restrictions before any modification of critical server tables or configuration artifacts.
Cryptographic integrity checks or monitoring would detect unauthorized alteration of the key table before malicious code is pushed to agents.