TrendMicro
By the Year
In 2026 there have been 19 vulnerabilities in TrendMicro with an average score of 8.0 out of ten. Last year, in 2025, TrendMicro had 21 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in TrendMicro in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.21.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 19 | 7.98 |
| 2025 | 21 | 6.78 |
| 2024 | 60 | 7.08 |
| 2023 | 41 | 7.34 |
| 2022 | 34 | 7.24 |
| 2021 | 33 | 6.97 |
| 2020 | 38 | 6.54 |
| 2019 | 13 | 7.83 |
| 2018 | 46 | 8.07 |
It may take a day or so for new TrendMicro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent TrendMicro Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-45208 | May 21, 2026 | **Apex One/SEP Agent TOCTOU Enables Local Priv Escalation** A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-45207 | May 21, 2026 | **Local Priv Escalation via Origin Validation in Trend Micro Apex One/SEP** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-45206 | May 21, 2026 | **CVE-2026-45206: LPE via origin validation in Trend Micro Apex One/SEP agent** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-34930 | May 21, 2026 | **Privilege Escalation via Origin Validation in Trend Micro Apex One Agent** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-34929 | May 21, 2026 | **Privilege Escalation via Origin Validation in Apex One Agent IPC** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-34928 | May 21, 2026 | **Origin Validation Privilege Escalation via Named Pipe in Apex One** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-34927 | May 21, 2026 | **Trend Micro Apex One Agent - LPE via Origin Validation** An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2026-34926 | May 21, 2026 | **PreAuth Local Directory Traversal in TrendMicro Apex One Server (onprem)** A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability. | |
| CVE-2025-71217 | May 21, 2026 | **Priv Escalation via Origin Validation Bypass in Trend Micro Apex One mac Agent** An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | |
| CVE-2025-71216 | May 21, 2026 | **Trend Micro Apex One mac LPE via Agent Cache TOCTOU** A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | |
| CVE-2025-71215 | May 21, 2026 | **Trend Micro Apex One Mac iCore TOCTOU Signature Verification PrivEsc** A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | |
| CVE-2025-71214 | May 21, 2026 | **Trend Micro Apex One (mac) Agent iCore Origin Validation Priv Escalation** An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | |
| CVE-2025-71213 | May 21, 2026 | **Trend Micro Apex One origin validation error allows local privileged escalation** An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-71212 | May 21, 2026 | **Trend Micro Apex One PrivEsc via Link-Following in Scan Engine (CVE-2025-71212)** A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-71211 | May 21, 2026 | **Trend Micro Apex One Admin Console RCE via Remote File Upload** A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action is required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied. | |
| CVE-2025-71210 | May 21, 2026 | **Remote Code Execution via Upload on Trend Micro Apex One Console** A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action is required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied. | |
| CVE-2025-69260 | Jan 08, 2026 | **Trend Micro Apex Central OOB Read Exploitation Enables DOS** A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | |
| CVE-2025-69259 | Jan 08, 2026 | **Trend Micro Apex Central NULL-Return DoS Vulnerability (CVE-2025-69259)** A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | |
| CVE-2025-69258 | Jan 08, 2026 | **Trend Micro Apex Central LoadLibraryEx DLL Hijack (CVE-2025-69258)** A LoadLibraryEx vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | |
| CVE-2025-54948 | Aug 05, 2025 | **Trend Micro Apex One pre-auth upload** A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |
| CVE-2025-54987 | Aug 05, 2025 | **Trend Micro Apex One RCE via Pre-Auth Console Upload** A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. | |
| CVE-2025-52837 | Jul 10, 2025 | **Link Following Privilege Escalation in Trend Micro Password Manager 5.8.0.1327** Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | |
| CVE-2025-30640 | Jun 17, 2025 | **Trend Micro Deep Security 20.0 Agents: LPE via Link Following** A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-30642 | Jun 17, 2025 | **Trend Micro Deep Security 20.0 Agents DoS via Link Following** A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-30680 | Jun 17, 2025 | **Trend Micro Apex Central SaaS SSRF -> Info Disclosure** A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | |
| CVE-2025-49154 | Jun 17, 2025 | **CVE-2025-49154: Trend Micro Apex One Local Access Control Exploit** An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-49155 | Jun 17, 2025 | **Trend Micro Apex One DLP Uncontrolled Search Path Allows Xec** An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. | |
| CVE-2025-49156 | Jun 17, 2025 | **Priv Esc via Link Follow in Trend Micro Apex One Scan Engine** A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-49157 | Jun 17, 2025 | **Local Privilege Escalation via Link-Follow in Apex One Damage Cleanup Engine** A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2025-47866 | Jun 17, 2025 | **Trend Micro Apex Central Widget v<8.0.6955 Unrestricted File Upload** An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | |
| CVE-2025-47867 | Jun 17, 2025 | **LFI in Trend Micro Apex Central <8.0.6955 RCE** A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | |
| CVE-2025-49219 | Jun 17, 2025 | **Insecure deserialization TMC Apex Central <8.0.7007 enables pre-auth RCE** An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | |
| CVE-2025-49220 | Jun 17, 2025 | **Trend Micro Apex Central <8.0.7007 insecure deserialization RCE** An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | |
| CVE-2025-31285 | Apr 02, 2025 | **Broken ACL in Trend Vision One Role Name Enables Privilege Escalation** A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |
| CVE-2025-31284 | Apr 02, 2025 | **Trend Vision One Status BRC Escalation by Admin User Creation** A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |
| CVE-2025-31283 | Apr 02, 2025 | **Trend Vision One User Roles Broken Access Control Escalates Privileges** A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |
| CVE-2025-31282 | Apr 02, 2025 | **Trend Vision One: Broken ACL in User Account Component** A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |
| CVE-2024-58105 | Mar 25, 2025 | **Trend Micro Apex One UI Manager Bypass Allows Local Execution** A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE addresses an additional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-58104 | Mar 25, 2025 | **Trend Micro Apex One UI Manager LPE & Code Exec** A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2022-28339 | Feb 22, 2025 | **Trend Micro HouseCall 5.3.1302 Uncontrolled Search Path Element DLL PrivEsc** Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search path element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges. | |
| CVE-2024-55917 | Dec 31, 2024 | **Trend Micro Apex One Origin Validation Error Privilege Escalation** An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-55955 | Dec 31, 2024 | **Trend Micro Deep Security Agent Privilege Escalation Vulnerability** An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-55632 | Dec 31, 2024 | **Trend Micro Apex One Security Agent Link Following Privilege Escalation Vulnerability** A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-55631 | Dec 31, 2024 | **Trend Micro Apex One: Local Privilege Escalation via Engine Link Following** An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-52050 | Dec 31, 2024 | **Trend Micro Apex One LogServer Local Escalation via File Creation** A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-52047 | Dec 31, 2024 | **Trend Micro Apex One widget LFI allows RCE** A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-51503 | Nov 19, 2024 | **Trend Micro Deep Security 20 Agent: Command Injection Vulnerability in Security Agent Manual Scan** A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | |
| CVE-2024-45334 | Oct 22, 2024 | **Trend Micro Antivirus One v3.10.4 and Below: Arbitrary Config Update Vulnerability** Trend Micro Antivirus One versions 3.10.4 and below (Consumer) are vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | |
| CVE-2024-46903 | Oct 22, 2024 | **Trend Micro Deep Discovery Inspector 5.8+ Info Disclosure via Low Privilege Code** A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |
| CVE-2024-45335 | Oct 22, 2024 | **Trend Micro Antivirus One <=3.10.4 Bypass Scan via Crafted Virus** Trend Micro Antivirus One, version 3.10.4 and below, contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. | |