CISA has added CVE‑2026‑34926 to its Known Exploited Vulnerabilities catalogue. The flaw affects Trend Micro Apex One (on‑premise) and is described as a directory traversal vulnerability that could let a pre‑authenticated local attacker alter a key table on the server to inject malicious code for distribution to agents.
The vulnerability is a directory traversal issue in the on‑premise version of Apex One. An attacker who has local access can manipulate file paths to modify a critical table, enabling the insertion of malicious code that is then pushed to managed agents. The CVSS base score is 6.7, rated MEDIUM, and no patch information is currently available from the vendor.
Inclusion in the KEV catalogue means CISA has evidence that the flaw is being actively exploited in the wild. There is no publicly known link to ransomware campaigns at this time. Federal Civilian Executive Branch agencies must apply the required mitigations by 2026‑06‑04, the remediation deadline set by CISA.
CISA directs affected agencies to apply mitigations per Trend Micro’s instructions, follow the relevant provisions of Binding Operational Directive 22‑01 for cloud services, or discontinue use of the product if mitigations cannot be implemented. All other organisations should review their exposure to Apex One and consider applying the same guidance as a precautionary measure.
For full technical details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-34926 and the CISA KEV catalogue.