ZDI-CAN-28222 MEDIUM 5.3 Overdue Oct 03, 2025

Trend Micro

Software from Trend Micro, a major cybersecurity and antivirus vendor, is affected by a medium-severity vulnerability (CVSS 5.3) that lets an authenticated attacker remotely access sensitive information over the network. Exploitation depends on specific conditions being met (AC:H) and requires valid login credentials (PR:L), so it cannot be exploited without authentication. That limits the immediate risk, but a threat actor with a valid account can still obtain confidential data (C:H). Security teams should monitor for suspicious authentication attempts and unusual data access patterns in Trend Micro products until the January 31, 2026 patch deadline.

Advisory Details
Researcher: Discovered by Xavier DANEST - Decathlon
Reported: October 03, 2025
Deadline: January 31, 2026 (75d overdue)
CVSS Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
