Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an origin validation flaw in the TrendAI Apex One agent that allows a local attacker who can already execute low‑privileged code to increase their privileges on the affected installation. The flaw is a classic origin trust boundary violation (CWE‑346) that enables an attacker to bypass process protections and gain higher level access, potentially compromising system integrity and data confidentiality.

Affected Systems

Affected products include Trend Micro TrendAI Apex One and TrendAI Apex One as a Service. The documented affected versions are 14.0.0.17079 for the on‑premises agent and 14.0.0.20731 for the SaaS deployment, as listed in the vendor's advisory.

Risk and Exploitability

The CVSS score of 7.8 categorizes the issue as high severity. Exploitation requires local code execution to serve as a foothold, making it a local privilege escalation vector. The EPSS score is not available, and the vulnerability is not currently listed in CISA's KEV catalog, indicating no known widespread active exploitation yet. Nonetheless, the high impact warrants prompt remediation.

Generated by OpenCVE AI on May 21, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update TrendAI Apex One and the Apex One as a Service to the latest versions that contain the fix for this origin validation defect.
  • Limit local user accounts from executing arbitrary code that could be used as a preliminary foothold for the escalation path.
  • Enable application integrity controls or whitelisting to prevent unexpected process execution on the protected system.

Generated by OpenCVE AI on May 21, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Origin Validation Failure in TrendAI Apex One Agent

Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-346
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Trendmicro Apexone Op Apexone Saas
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:24:37.805Z

Reserved: 2026-03-31T17:22:13.504Z

Link: CVE-2026-34930

cve-icon Vulnrichment

Updated: 2026-05-21T14:02:08.077Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:45.710

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-34930

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T14:45:12Z

Weaknesses