Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An origin validation flaw in the Apex One/SEP agent allows a local attacker who already has the ability to execute low‑privileged code to bypass intended sandbox limits and elevate privileges. The flaw can be exploited to run code with higher privileges, potentially enabling further compromise of the affected system. This weakness is classified as CWE‑346, which involves missing origin validation for data or instructions.

Affected Systems

Trend Micro, Inc. products TrendAI Apex One (version 14.0.0.17079) and TrendAI Apex One as a Service (version 14.0.0.20731) are affected. Installing a newer patch or version that addresses the origin validation bug is required to mitigate the risk.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because exploitation requires pre-existing local code execution, an attacker must first find or create a separate foothold before triggering the privilege escalation. Once local execution is achieved, exploitation is highly feasible and can lead to an attacker taking control of the system.

Generated by OpenCVE AI on May 21, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied update or patch for Trend Micro Apex One (version ≥ 14.0.0.17079 for Apex One or ≥ 14.0.0.20731 for Apex One as a Service) as outlined in the solution guide at https://success.trendmicro.com/en-US/solution/KA-0023430
  • Configure the Apex One agent to run under the least privilege possible, disabling unnecessary permissions and restricting all inter‑process communication to authenticated origins
  • Disable the Apex One agent’s protected inter‑process communication mechanism until the fix is applied, preventing exploitation of the origin validation flaw

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Title | | Local Privilege Escalation via Origin Validation Vulnerability in Trend Micro Apex One

Thu, 21 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared | | Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
Weaknesses | | CWE-346
CPEs | | cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*; cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
Vendors & Products | | Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:24:31.002Z

Reserved: 2026-05-11T13:42:24.969Z

Link: CVE-2026-45206

Vulnrichment

Updated: 2026-05-21T13:59:45.314Z

NVD

Status: Undergoing Analysis

Published: 2026-05-21T14:16:47.983

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-45206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T15:00:11Z

Weaknesses