What is the CVSS score of EUVD-2026-31281?

EUVD-2026-31281 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Trend Micro Apex One are affected by EUVD-2026-31281?

Trend Micro Apex One endpoint protection agents on Windows contain a local privilege escalation vulnerability (CVE-2026-45208, CVSS 7.8) allowing low-privilege code to gain system administrator…. A patch is available.

Trend Micro Apex One EUVD-2026-31281

| CVE-2026-45208 HIGH

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

2026-05-21 trendmicro

GHSA-92rr-32pc-38g6

Privilege Escalation

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 14:20 vuln.today

Patch available

May 21, 2026 - 14:02 EUVD

DescriptionNVD

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

AnalysisAI

Local privilege escalation in Trend Micro Apex One and Apex One as a Service agents allows an attacker with low-privileged code execution to win a race condition in the endpoint protection agent and elevate to higher privileges. The flaw is a time-of-check time-of-use (TOCTOU) weakness (CWE-367) in the Apex One/SEP agent on Windows endpoints, with no public exploit identified at time of analysis and not currently listed in CISA KEV. …

RemediationAI

Within 24 hours: Audit all Apex One deployments to identify Windows endpoints and their current software versions. Within 7 days: Deploy the patched Apex One build per Trend Micro advisory KA-0023430 to all Windows endpoints; coordinate maintenance windows with business units to minimize disruption. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31281 vulnerability details – vuln.today

Back

Trend Micro Apex One EUVD-2026-31281

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code