EUVD-2026-31286
GHSA-74v9-v9f7-f4p8
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AnalysisAI
Local privilege escalation in Trend Micro Apex One and Apex One as a Service security agents allows a low-privileged attacker who already has code execution on the endpoint to elevate to higher privileges by abusing a named pipe that fails to validate the origin of incoming connections. The flaw is companion to CVE-2026-34927 (a sibling issue in a different named pipe) and currently has no public exploit identified at time of analysis, but its presence in widely-deployed endpoint security software materially raises post-compromise risk.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
24 hours: Inventory all Trend Micro Apex One and Apex One as a Service deployments and current agent versions across the organization. 7 days: Obtain patched agent version from Trend Micro advisory, validate in non-production environment, and initiate phased rollout to critical systems and high-risk endpoints. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today