PreAuth Local Directory Traversal in TrendMicro Apex One Server (onprem)
CVE-2026-34926 Published on May 21, 2026

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

NVD

Known Exploited Vulnerability

This Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

The following remediation steps are recommended / required by June 4, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2026-34926 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.


Products Associated with CVE-2026-34926

stack.watch emails you whenever new vulnerabilities are published in TrendMicro Apexone Op or TrendMicro Apexone Saas. Just hit a watch button to start following.

TrendMicro Apexone Op
 
TrendMicro Apexone Saas
 

Affected Versions

Trend Micro, Inc. TrendAI Apex One: Trend Micro, Inc. TrendAI Apex One as a Service: