CVE-2026-34929 - Vulnerability Details

- Privilege Escalation via Origin Validation Flaw in TrendMicro Apex One

Description

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Published: 2026-05-21

Score: 7.8 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

An origin validation flaw in the Apex One/SEP agent permits a local attacker, once able to run low‑privileged code, to elevate their privileges on the affected system. The vulnerability arises from insufficient validation of the source of inter‑process messages, enabling the attacker to trick the agent into executing privileged operations. The result is a full compromise of the local administrator credentials, granting the attacker complete control over the host.

Affected Systems

Trend Micro Apex One versions 14.0.0.17079 and Trend Micro Apex One as a Service 14.0.0.20731 are affected. These are the current releases listed by TrendMicro and the CVE notes the vulnerability exists in the associated inter‑process communication mechanism.

Risk and Exploitability

The CVSS score of 7.8 places this issue in the High severity range. No EPSS score is available, and the vulnerability is not yet listed in CISA’s KEV catalog. Exploitation requires the attacker to first achieve local code execution with low privileges, after which the origin validation flaw can be abused to gain elevated rights. The attack vector is local, meaning it is primarily relevant in environments where an adversary can run code on the target machine, such as compromised user sessions or malicious local applications.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trend Micro, Inc.

TrendAI Apex One

affected

Version	Status	Constraints
`2019 (14.0)`	affected	< 14.0.0.17079

Trend Micro, Inc.

TrendAI Apex One as a Service

affected

Version	Status	Constraints
`SaaS`	affected	< 14.0.20731

No data.

Vendor Product Confidence Versions

Trendmicro

Apexone Op

95%

Version	Status	Scheme	Platform
`[2019 (14.0),14.0.0.17079)`	affected	generic	—

Trendmicro

Apexone Saas

95%

Version	Status	Scheme	Platform
`[SaaS,14.0.20731)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Trend Micro Apex One to the latest released version that contains the vendor patch for this issue.
Restrict the privileges of the Apex One agent process by ensuring it runs under a least‑privileged service account and does not allow local user execution of agent helper binaries.
Continuously monitor the system for anomalous local code execution that could indicate attempts to exploit this flaw, and block any unauthorized processes immediately.

Generated by OpenCVE AI on May 21, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://success.trendmicro.com/en-US/solution/KA-0023430

History

Thu, 21 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 21 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Origin Validation Flaw in TrendMicro Apex One

Thu, 21 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared		Trendmicro Trendmicro apexone Op Trendmicro apexone Saas
Weaknesses		CWE-346
CPEs		cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:::::::* cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:::::::*
Vendors & Products		Trendmicro Trendmicro apexone Op Trendmicro apexone Saas
References		https://success.trendmicro.com/en-US/solution/KA-0023430
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Trendmicro Apexone Op Apexone Saas

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2026-05-21T13:03:50.529Z

Updated: 2026-05-21T14:24:43.445Z

Reserved: 2026-03-31T17:22:13.504Z

Link: CVE-2026-34929

Vulnrichment

Updated: 2026-05-21T14:02:20.800Z

NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:45.590

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-34929

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T15:45:13Z

Weaknesses

CWE-346

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object