# Trend Micro Patches Actively Exploited Apex One Zero-Day: CISA Orders Federal Agencies to Update

**Trend Micro** has issued a patch for a zero-day vulnerability in its Apex One (on-premises) server, **CVE-2026-34926**, which has been actively exploited in the wild. The vulnerability, a directory traversal flaw, allows local attackers with admin privileges to inject malicious code. The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has mandated that federal agencies patch their systems by June 4.

**Trend Micro**, a Japanese cybersecurity software company, has addressed a critical zero-day vulnerability affecting its Apex One endpoint security platform.
Apex One is **Trend Micro's** enterprise-grade endpoint security solution designed to protect corporate networks from a wide array of threats, including malware, ransomware, fileless attacks, and web-based exploits.
## CVE-2026-34926: Directory Traversal Vulnerability
The vulnerability, tracked as **CVE-2026-34926**, is a directory traversal flaw present in the on-premises version of Apex One. It enables a pre-authenticated local attacker with administrative privileges to modify a key table on the server and inject malicious code, which can then be deployed to agents on affected installations.
"A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations," **Trend Micro** stated in a security advisory.
Although exploiting this vulnerability requires both local access to the Apex One server and pre-existing administrative credentials, **Trend Micro** has confirmed active exploitation attempts in the wild via **TrendAI**.
## CISA Mandate: Patch by June 4
Recognizing the severity of the threat, **CISA** has added **CVE-2026-34926** to its catalog of actively exploited vulnerabilities. Federal agencies are now ordered to apply the necessary patches by June 4.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," **CISA** warned. The agency advises applying mitigations according to vendor instructions, following applicable BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable.
## Additional Vulnerabilities Addressed
In addition to the zero-day, **Trend Micro** also released updates to address seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection (SEP) agent. These flaws could be exploited by attackers with the ability to execute low-privileged code on a target system.
## A History of Apex One Vulnerabilities
Over the past several years, flaws in **Trend Micro** Apex One have been a frequent target for threat actors, often in zero-day attacks. Previous incidents include:
* August 2025: Actively exploited Apex One RCE bug (**CVE-2025-54948**)
* September 2022: Two zero-days exploited in the wild (**CVE-2022-40139**)
* September 2023: Zero-day exploited in attacks (**CVE-2023-41179**)
**CISA** currently tracks 12 **Trend Micro** Apex vulnerabilities that have been or are still being abused in attacks.
