What is the CVSS score of EUVD-2026-31280?

EUVD-2026-31280 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Trend Micro Apex One are affected by EUVD-2026-31280?

Trend Micro Apex One (on-premises 2019 line and SaaS) contain a privilege escalation vulnerability enabling attackers with initial system access to gain elevated rights, creating a secondary attack…. A patch is available.

Trend Micro Apex One EUVD-2026-31280

| CVE-2026-34929 HIGH

Origin Validation Error (CWE-346)

2026-05-21 trendmicro

GHSA-ff4m-qxjh-q4cw

Privilege Escalation

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 14:15 vuln.today

Patch available

May 21, 2026 - 14:02 EUVD

DescriptionNVD

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

AnalysisAI

Local privilege escalation in Trend Micro Apex One and Apex One as a Service agents allows an attacker with low-privileged code execution to gain elevated rights by exploiting weak origin validation in an inter-process communication channel. No public exploit identified at time of analysis, but the flaw is a sibling to CVE-2026-34927 (different IPC mechanism in the same agent) which raises the likelihood of researcher and adversary interest. …

RemediationAI

Within 24 hours: Identify all Apex One and Apex One as a Service deployments and confirm current versions via asset inventory. Within 7 days: Obtain Trend Micro security patches for affected versions (Apex One on-premises 2019 line 14.0 and SaaS offering) and deploy to non-production test environments to validate functionality and compatibility. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31280 vulnerability details – vuln.today

Back

Trend Micro Apex One EUVD-2026-31280

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code