All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-34926
MEDIUMKEVpublished 2026-05-21 14:16 UTC · 1 month ago · modified 2026-05-22 12:47 UTC
6.7
CVSS / 10
// description
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
// cvss 3.1 vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
// required action (CISA KEV)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
added 2026-05-21 00:00 UTC
// weaknesses (CWE)
- CWE-23