Published: 2026/05/21  Last Updated: 2026/05/21

JVNVU#90583059
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
Critical

Overview

Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.

Products Affected

  • TrendAI Apex One (On Premise)
    • Server: Build prior to 17079
    • Security Agent: Agent Build prior to 14.0.17079
  • Trend Micro Apex One as a Service
    • Server: before the April 2026 maintenance
    • Security Agent: Agent Build prior to 14.0.20731
  • TrendAI Vision One Endpoint Security - Standard Endpoint Protection
    • Server: before the April 2026 maintenance
    • Security Agent: Agent Build prior to 14.0.20731

Description

Trend Micro Endpoint security products for enterprises contain the multiple vulnerabilities listed below.

  • Relative path traversal in Apex One server (CWE-23)
    • CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H Base Score 4.9
    • CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L Base Score 6.7
    • CVE-2026-34926
    • The only product that could be vulnerable to this issue is TrendAI Apex One (On Premise).
  • Origin validation error in Security Agent (CWE-346)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2026-34927, CVE-2026-34928, CVE-2026-34929, CVE-2026-34930, CVE-2026-45206, CVE-2026-45207
  • Time-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2026-45208

Trend Micro Incorporated has reported that attacks exploiting CVE-2026-34926 have been observed in the wild.

Impact

  • An attacker who can access Apex One server with administrator privileges may be able to tamper with arbitrary files on the server, potentially allowing crafted code to be distributed to the security agent (CVE-2026-34926)
  • An attacker who can access Security Agent may escalate privileges (CVE-2026-34927, CVE-2026-34928, CVE-2026-34929, CVE-2026-34930, CVE-2026-45206, CVE-2026-45207, CVE-2026-45208)

Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
The developer has released the patches listed below that address the vulnerabilities.

  • TrendAI Apex One (On Premise)
    • Server: Service Pack 1 Critical Patch B18012
    • Security Agent: Agent Build 14.0.18012
  • Trend Micro Apex One as a Service
    • Server: fixed with April 2026 maintenance
    • Security Agent: Agent Build 14.0.20731
  • TrendAI Vision One Endpoint Security - Standard Endpoint Protection
    • Server: fixed with April 2026 maintenance
    • Security Agent: Agent Build 14.0.20731

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert JPCERT-AT-2026-0014
Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

Update History

2026/05/21
Information under the section [Other Information] was updated