EUVD-2026-31282
GHSA-w6rw-fq38-ch7g
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AnalysisAI
Local privilege escalation in Trend Micro Apex One and Apex One as a Service stems from an origin validation weakness (CWE-346) in one of the agent's process protection mechanisms, allowing a low-privileged local attacker to elevate to SYSTEM-level privileges on affected installations. The flaw was reported by Trend Micro itself and is a sibling issue to CVE-2026-34927, which affects a different process protection mechanism in the same agent. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running Trend Micro Apex One or Apex One as a Service and quantify exposure to low-privileged local users. Within 7 days: Apply the vendor-released patch to all affected systems, prioritizing production servers and privileged user workstations. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today