Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An origin validation flaw in Trend Micro Apex One allows a local attacker who can already run low‑privileged code to gain higher system privileges. The weakness is classified as CWE‑346 and, if the privilege elevation succeeds, could let an adversary compromise the confidentiality, integrity, or availability of the entire endpoint.

Affected Systems

Trend Micro’s Apex One 14.0.0.17079 and Apex One as a Service 14.0.0.20731 are affected. The vulnerability applies to installations of these versions by both TrendAI Apex One customers and users of the cloud‑based service.

Risk and Exploitability

The CVSS score of 7.8 signals high severity, but the EPSS score is unavailable and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a local foothold, so an attacker must first execute code in a low‑privileged context before leveraging the flaw. Given a foothold, the risk to the system is significant because privileges can be escalated to administrative levels.

Generated by OpenCVE AI on May 21, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch that updates Apex One to a version beyond 14.0.0.17079 for the on‑premise product and to a version beyond 14.0.0.20731 for the SaaS product.
  • Configure endpoint protection to enforce strict user privilege boundaries and block execution of unapproved local binaries, thereby limiting an attacker's ability to obtain the low‑privileged code execution that this vulnerability requires as a prerequisite.
  • Monitor endpoints for signs of unauthorized privilege escalation attempts and review audit logs to detect when the origin validation logic is triggered.
  • Consider segmenting affected machines in the network and applying least‑privilege user accounts to reduce the attack surface until the patch is applied.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:00:00 +0000

Values Removed: (none)
Values Added:
  • Title: Local Privilege Escalation via Apex One Origin Validation Vulnerability

Thu, 21 May 2026 14:15:00 +0000

Values Removed: (none)
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 May 2026 13:45:00 +0000

Values Removed: (none)
Values Added:
  • Description: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
  • First Time appeared: Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
  • Weaknesses: CWE-346
  • CPEs: cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*; cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
  • Vendors & Products: Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
  • References:
  • Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T13:51:33.483Z

Reserved: 2026-03-31T17:22:13.504Z

Link: CVE-2026-34927

Vulnrichment

Updated: 2026-05-21T13:51:30.247Z

NVD

Status: Undergoing Analysis

Published: 2026-05-21T14:16:45.333

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-34927

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T14:45:12Z

Weaknesses