TrendAI Patches Apex One Zero-Day Exploited in the Wild

TrendAI, Trend Micro’s enterprise business, has informed customers that it has patched another Apex One vulnerability that has been exploited in the wild.

The zero-day, tracked as CVE-2026-34926, is a medium-severity directory traversal issue that can be exploited by an unauthenticated local attacker to “modify a key table on the server to inject malicious code to deploy to agents on affected installations”.

TrendAI noted that the attacker requires admin credentials to the server, and the attack only works against the on-premises version of Apex One.

No information has been shared by the cybersecurity firm on the attacks exploiting the latest zero-day. The vulnerability was discovered internally by TrendAI’s incident response team.

It’s not uncommon for threat actors to exploit vulnerabilities in Apex products, but attribution information is rarely made public. Some past attacks have been linked to Chinese state-sponsored hackers, and given the access required to exploit CVE-2026-34926, it’s likely that this vulnerability has also been exploited by an APT.

CISA added CVE-2026-34926 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 4.

Advertisement. Scroll to continue reading.

CISA’s KEV catalog currently includes 10 other CVEs assigned to Apex flaws.

In addition to CVE-2026-34926, the latest Apex One updates address several other vulnerabilities — all of them are high-severity issues that can be exploited for local privilege escalation.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” TrendAI said in its advisory.

What's Hot

TrendAI Patches Apex One Zero-Day Exploited in the Wild

This Week’s Awesome Tech Stories From Around the Web (Through May 23)

The My Pixel app appears to be broken for some Pixel users

TrendAI Patches Apex One Zero-Day Exploited in the Wild

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Canadian Man Arrested for Operating Kimwolf Botnet

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

The iPad Air brand makes no sense – it needs a rethink

ChatGPT Group Chats are here … but not for everyone (yet)

Facebook updates its algorithm to give users more control over which videos they see

Our Picks

TrendAI Patches Apex One Zero-Day Exploited in the Wild

This Week’s Awesome Tech Stories From Around the Web (Through May 23)

The My Pixel app appears to be broken for some Pixel users

Subscribe to Updates

What's Hot

TrendAI Patches Apex One Zero-Day Exploited in the Wild

Related Posts