CVE-2026-34926

Sažetak

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Reference

https://jvn.jp/en/vu/JVNVU90583059/
https://success.trendmicro.com/en-US/solution/KA-0023430
https://success.trendmicro.com/ja-JP/solution/KA-0022974
https://www.jpcert.or.jp/english/at/2026/at260014.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926

CVSS

Base:	6.7
Impact:	5.3
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	LOW

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Zadnje važnije ažuriranje

21-05-2026 - 20:16

Objavljeno

21-05-2026 - 14:16