TrendAI says attackers exploited a flaw in its Apex One security software before a patch was available, putting organizations that run the on-premises server at risk. The bug, CVE-2026-34926, is a directory traversal vulnerability in Apex One on-premise that can let an attacker alter a key server table and inject malicious code for deployment to agents; TrendAI says admin credentials to the server are required, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog.
Why it matters: Organizations using Apex One on-premises should treat this as urgent because the flaw was exploited in real attacks and could let attackers push malicious code from the management server to protected endpoints. Apply TrendAI's update immediately and review who has administrative and remote access to the Apex One server.
Sergiu Gatlan
2026.05.22
98% relevant
This article covers the same underlying event: Trend Micro's patch and warning for the actively exploited Apex One on-premises zero-day CVE-2026-34926. It adds concrete detail that the bug is a directory traversal issue allowing code injection to agents from the server, notes Trend observed at least one in-the-wild exploit attempt, and mentions CISA's KEV listing and June 4 federal patch deadline.
Eduard Kovacs
2026.05.22
100% relevant
This article appears to be the first tracked item here for CVE-2026-34926, covering the vendor patch, in-the-wild exploitation, affected product scope, and CISA KEV inclusion.
← Back to all stories