What is the CVSS score of CVE-2026-34926?

CVE-2026-34926 has a CVSS 3.1 base score of 6.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L. EPSS exploitation probability: 0.3%.

Is CVE-2026-34926 being actively exploited?

Yes, CVE-2026-34926 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

Is there a patch available for CVE-2026-34926?

Yes, a patch is available for CVE-2026-34926. Update the affected software to the latest version immediately.

Trend Micro Apex One CVE-2026-34926

EUVD-2026-31284 MEDIUM

Relative Path Traversal (CWE-23)

2026-05-21 trendmicro

GHSA-4ccp-cqrh-3w9v

Path Traversal

6.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Added to CISA KEV

May 21, 2026 - 19:31 CISA

Analysis Generated

May 21, 2026 - 14:21 vuln.today

Patch available

May 21, 2026 - 14:02 EUVD

DescriptionNVD

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

AnalysisAI

Directory traversal in Trend Micro Apex One on-premise server (versions before 14.0.0.17079) enables a highly privileged local attacker to manipulate a key server table and inject malicious code that propagates to all managed endpoint agents, effectively weaponizing the EDR platform's own distribution infrastructure. The attack requires an adversary who has already obtained administrative credentials to the Apex One server through a separate compromise vector. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-34926 vulnerability details – vuln.today

Back

Trend Micro Apex One CVE-2026-34926

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code