{"id":257047,"date":"2026-05-22T04:19:00","date_gmt":"2026-05-22T08:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/"},"modified":"2026-05-27T13:35:13","modified_gmt":"2026-05-27T17:35:13","slug":"trendai-patches-apex-one-zero-day-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/","title":{"rendered":"TrendAI Patches Apex One Zero-Day Exploited in the Wild"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/\">TrendAI Patches Apex One Zero-Day Exploited in the Wild<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/\">https:\/\/www.securityweek.com\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-22 04:19:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>TrendAI, Trend Micro\u2019s enterprise business, has informed customers that it has patched another Apex One vulnerability that has been exploited in the wild.<\/strong><\/p>\n<p class=\"wp-block-paragraph\">The zero-day, tracked as CVE-2026-34926, is a medium-severity directory traversal issue that can be exploited by an unauthenticated local attacker to \u201cmodify a key table on the server to inject malicious code to deploy to agents on affected installations\u201d.<\/p>\n<p class=\"wp-block-paragraph\">TrendAI noted that the attacker requires admin credentials to the server, and the attack only works against the on-premises version of Apex One.<\/p>\n<p class=\"wp-block-paragraph\">No information has been shared by the cybersecurity firm on the attacks exploiting the latest zero-day. 
The vulnerability was discovered internally by TrendAI\u2019s incident response team.<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not uncommon for threat actors to exploit vulnerabilities in Apex products, but attribution information is rarely made public. Some past attacks have been linked to Chinese state-sponsored hackers, and given the access required to exploit CVE-2026-34926, it\u2019s likely that this vulnerability has also been exploited by an APT.<\/p>\n<p class=\"wp-block-paragraph\">CISA added CVE-2026-34926 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 4.<\/p>\n<p class=\"wp-block-paragraph\">CISA\u2019s KEV catalog currently includes 10 other CVEs assigned to Apex flaws.<\/p>\n<p class=\"wp-block-paragraph\">In addition to CVE-2026-34926, the latest Apex One updates address several other vulnerabilities \u2014 all of them are high-severity issues that can be exploited for local privilege escalation.<\/p>\n<p class=\"wp-block-paragraph\">\u201cExploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. 
In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,\u201d TrendAI said in its advisory.<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TrendAI Patches Apex One Zero-Day Exploited in the Wild https:\/\/www.securityweek.com\/trendai-patches-apex-one-zero-day-exploited-in-the-wild\/ Publish Date: 2026-05-22 04:19:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":257048,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2025\/08\/Trend-Micro.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-257047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257047"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=257047"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257047\/revisions"}],"predecessor-version":[{"id":257049,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257047\/revisi
ons\/257049"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/257048"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=257047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=257047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=257047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}