
Trend Micro Apex One
Trend Micro's on-premises enterprise endpoint detection and response product; CVE-2026-34926 is a CVSS 6.7 directory-traversal flaw confirmed exploited in the wild.
Last refreshed: 29 May 2026 · Appears in 1 active topic
Why does a security product's own directory-traversal flaw end up on CISA's most-wanted list?
Timeline for Trend Micro Apex One
AI orchestration flaw joins CISA's KEV
Cybersecurity: Threats and DefencesWhat is CVE-2026-34926 in Trend Micro Apex One?
Is Trend Micro Apex One still safe to use?
How does a directory traversal attack work on endpoint security software?
Background
Trend Micro Apex One is the flagship on-premises endpoint detection and response (EDR) platform from Trend Micro, aimed at enterprise environments requiring local data-sovereignty or air-gapped deployment. It provides threat detection, behavioural monitoring, vulnerability patching, and centralised management across Windows and macOS endpoints. On-premises deployment distinguishes it from Trend Micro's cloud-native Worry-Free Business Security service.
In May 2026, CISA added CVE-2026-34926 — a directory-traversal vulnerability with a CVSS score of 6.7 — to the Known Exploited Vulnerabilities catalogue on 21 May 2026. The flaw permits a local or network-adjacent attacker with limited privileges to traverse restricted directory paths on the Apex One server, potentially exposing configuration files, credentials, or policy data. Confirmed exploitation in the wild prompted CISA's KEV listing.
The CVE-2026-34926 listing is a reminder that security products themselves are not immune to the class of vulnerabilities they protect against. Endpoint security agents typically run with elevated privileges and maintain persistent connections to management servers, making directory-traversal flaws in the management plane particularly attractive to attackers seeking lateral movement or credential harvesting within already-compromised networks.