Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An origin validation flaw in the Apex One/SEP agent permits a local attacker who has already managed to run low‑privileged code on a vulnerable machine to elevate their privileges to those of a higher‑level account. The weakness lies in how the agent verifies the source of received data, and it is categorized under CWE‑346. It applies only where local code execution is already possible, so the flaw alone does not allow remote compromise; it solely provides a means of privilege escalation once the attacker has a foothold.

Affected Systems

Trend Micro, Inc. products: TrendAI Apex One and TrendAI Apex One as a Service, specifically builds 14.0.0.17079 and 14.0.0.20731. These are the only affected versions listed in the CNA data.

Risk and Exploitability

The CVSS score of 7.8 reflects a high severity for local privilege escalation. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, implying no known widespread exploitation at this time. Attackers must first obtain the ability to run code as a non‑privileged user, after which the origin validation bypass can be leveraged to elevate. Because the exploitation conditions are local and require initial code execution, the threat is confined to environments where users can execute unsigned binaries or scripts.

Generated by OpenCVE AI on May 21, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued update for TrendAI Apex One that fixes the origin validation flaw, as detailed in the product support resource.
  • Restrict the use of local accounts for running arbitrary code by enforcing least‑privilege policies, and audit the rights enabled for the Apex One agent processes.
  • Set up continuous monitoring of agent logs and unauthorized file changes to detect attempts to exploit the flaw before privilege escalation can occur.


Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
Title | | Privilege Escalation in Trend Micro Apex One Agent

Thu, 21 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared | | Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
Weaknesses | | CWE-346
CPEs | | cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*; cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
Vendors & Products | | Trendmicro; Trendmicro apexone Op; Trendmicro apexone Saas
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:24:23.426Z

Reserved: 2026-05-11T13:42:24.970Z

Link: CVE-2026-45207

Vulnrichment

Updated: 2026-05-21T13:59:33.604Z

NVD

Status: Undergoing Analysis

Published: 2026-05-21T14:16:48.133

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-45207

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T14:45:12Z

Weaknesses