Trend Micro Apex One Agent - LPE via Origin Validation
CVE-2026-34927 Published on May 21, 2026

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

NVD

Vulnerability Analysis

CVE-2026-34927 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Products Associated with CVE-2026-34927

stack.watch emails you whenever new vulnerabilities are published in TrendMicro Apexone Op or TrendMicro Apexone Saas. Just hit a watch button to start following.

TrendMicro Apexone Op

TrendMicro Apexone Saas

Affected Versions

Trend Micro, Inc. TrendAI Apex One:

Version 2019 (14.0) and below 14.0.0.17079 is affected.

Trend Micro, Inc. TrendAI Apex One as a Service:

Version SaaS and below 14.0.20731 is affected.

Trend Micro Apex One Agent - LPE via Origin ValidationCVE-2026-34927 Published on May 21, 2026

Vulnerability Analysis

Weakness Type

Origin Validation Error

Products Associated with CVE-2026-34927

Affected Versions

Trend Micro Apex One Agent - LPE via Origin Validation
CVE-2026-34927 Published on May 21, 2026