Apex One/SEP Agent TOCTOU Enables Local Priv Escalation
CVE-2026-45208 Published on May 21, 2026
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Vulnerability Analysis
CVE-2026-45208 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a TOCTTOU Vulnerability?
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.
CVE-2026-45208 has been classified to as a TOCTTOU vulnerability or weakness.
Products Associated with CVE-2026-45208
stack.watch emails you whenever new vulnerabilities are published in TrendMicro Apexone Op or TrendMicro Apexone Saas. Just hit a watch button to start following.
Affected Versions
Trend Micro, Inc. TrendAI Apex One:- Version 2019 (14.0) and below 14.0.0.17079 is affected.
- Version SaaS and below 14.0.20731 is affected.