Exposures › CVE-2026-34926
Trend Micro Apex One on-premise software allows local attackers to inject malicious code into agents via a directory traversal flaw.
A directory traversal vulnerability in Trend Micro Apex One (on-premise) enables local attackers to modify key tables and inject code into deployed agents, creating a supply-chain risk for DIB organizations relying on this endpoint protection platform. While not a zero-day or remote exploit, the ability to compromise agent integrity undermines the security posture of the entire endpoint ecosystem.
Shame score — A local-only vulnerability that requires pre-authentication, though it poses a supply-chain risk for endpoint security.
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
| Product | Provider | Status | Match |
|---|---|---|---|
| Trend Micro Cloud One for Government | Trend Micro Inc. | In Process | vendor-exact · 0.90 |
| Trend Micro Vision One for Government | Trend Micro Inc. | In Process | vendor-exact · 0.90 |