Description
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A time‑of‑check/time‑of‑use race condition exists in the Apex One/SEP agent, allowing a local attacker who has already executed low‑privileged code to elevate their privileges. The flaw is classified as CWE‑367. The vulnerability does not provide remote access; it relies on local code execution to be exploitable.

Affected Systems

Trend Micro, Inc. products TrendAI Apex One and TrendAI Apex One as a Service are affected. The disclosed vulnerable versions are Apex One 14.0.0.17079 and Apex One as a Service 14.0.0.20731.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. EPSS data is not available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. Attackers must gain local code execution first, making the attack vector local and requiring the prerequisite of running code with low privileges.

Generated by OpenCVE AI on May 21, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Apex One update that includes the fix for CVE‑2026‑45208.
  • Configure the Apex One/SEP agent to run with the minimum permissions necessary and restrict local user accounts from executing arbitrary code.
  • Implement network segmentation and monitor local process activity for signs of local privilege escalation attempts.

Generated by OpenCVE AI on May 21, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Time-of-Check Race in Trend Micro Apex One Agent

Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-367
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Trendmicro Apexone Op Apexone Saas
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:24:16.322Z

Reserved: 2026-05-11T13:42:24.970Z

Link: CVE-2026-45208

cve-icon Vulnrichment

Updated: 2026-05-21T13:59:21.276Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:48.257

Modified: 2026-05-21T15:05:28.023

Link: CVE-2026-45208

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T15:00:10Z

Weaknesses