Trend Micro Addresses Zero-Day Vulnerability in Apex One

Japanese cybersecurity software company Trend Micro has recently patched a zero-day vulnerability in its Apex One endpoint security platform. The vulnerability, tracked as CVE-2026-34926, was being exploited in attacks targeting Windows systems.

Apex One is an enterprise-grade security solution designed to protect corporate networks from various threats, including malware, ransomware, fileless attacks, and web-based threats.

The vulnerability in the on-premises version of Apex One allowed local attackers with admin privileges to inject malicious code into the server. Trend Micro stated that the attacker must have access to the server and administrative credentials to exploit the vulnerability.

Despite the specific requirements for exploitation, Trend Micro reported at least one observed attempt to exploit the vulnerability in the wild.

Federal Agencies Urged to Patch Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-34926 to its list of actively exploited vulnerabilities and has instructed federal agencies to patch their devices by June 4. CISA emphasized the importance of mitigating these vulnerabilities to protect the federal enterprise.

Trend Micro also released security updates to address seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection agent. These vulnerabilities could be exploited by attackers with permission to execute low-privileged code on the target system.

Over the years, threat actors have targeted vulnerabilities in Trend Micro Apex One, including zero-day attacks. Trend Micro has previously addressed actively exploited vulnerabilities in Apex One, such as CVE-2025-54948, CVE-2022-40139, and CVE-2023-41179.

CISA is currently monitoring 12 Trend Micro Apex vulnerabilities that have been or are being abused in attacks.