CVE-2026-34926

MEDIUM

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

CVSS v3.1 Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Attack Vector

LOCAL

Complexity

HIGH

Privileges

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Published: 5/21/2026Modified: 5/22/2026

Related Intelligence (1)

CRITICALZero Day

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek .

CVE-2026-34926

May 22, 2026SecurityWeek

References (5)

https://jvn.jp/en/vu/JVNVU90583059/Third Party Advisory https://success.trendmicro.com/en-US/solution/KA-0023430Vendor Advisory https://success.trendmicro.com/ja-JP/solution/KA-0022974Vendor Advisory https://www.jpcert.or.jp/english/at/2026/at260014.htmlThird Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926Third Party AdvisoryUS Government Resource