CVE-2022-26871
published 2022-03-29CVE-2022-26871: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead…
PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-21
Exploited in the wild
EPSS
19.63%
97.1th percentile
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_apex_central | — | — |
| trendmicro | apex_central | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2022-26871 is an arbitrary file upload vulnerability in Trend Micro Apex Central (on-premise) that allows unauthenticated remote attackers to upload arbitrary files leading to remote code execution. ↗
- →Trend Micro confirmed active in-the-wild exploitation attempts of CVE-2022-26871 at time of disclosure — treat any unpatched Apex Central instance as actively targeted. ↗
- →CISA added CVE-2022-26871 to its Known Exploited Vulnerabilities catalog with a remediation due date of 2022-04-21, confirming active exploitation. ↗
- ·Vulnerability affects Trend Micro Apex Central on-premise deployments only; the attack vector is unauthenticated and requires no user interaction, making internet-exposed instances at highest risk. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j827-v44f-fw4p: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which co
ghsa_unreviewed·2022-03-30
CVE-2022-26871 [CRITICAL] CWE-345 GHSA-j827-v44f-fw4p: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which co
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
VulnCheck
Trend Micro Apex Central Arbitrary File Upload Vulnerability
vulncheck·2022·CVSS 9.8
CVE-2022-26871 [CRITICAL] CWE-184 Trend Micro Apex Central Arbitrary File Upload Vulnerability
Trend Micro Apex Central Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Affected: Trend Micro Apex Central
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/summary/2023/360_APT_Annual_Research_Report_2022.pdf; https://www.mandiant.com/resources/blog/zero-days-exploited-2022
Remediation Due: 2022-04-21
CISA
Trend Micro Apex Central Arbitrary File Upload Vulnerability
cisa·2022-03-31·CVSS 9.8
CVE-2022-26871 [CRITICAL] CWE-184 Trend Micro Apex Central Arbitrary File Upload Vulnerability
Vulnerability: Trend Micro Apex Central Arbitrary File Upload Vulnerability
Affected: Trend Micro Apex Central
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-26871
Remediation Due Date: 2022-04-21
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Trend Micro warns of critical Apex Central RCE vulnerability
blogs_bleepingcomputer·2026-01-09·CVSS 9.8
[CRITICAL] Trend Micro warns of critical Apex Central RCE vulnerability
## Trend Micro warns of critical Apex Central RCE vulnerability
## Sergiu Gatlan
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services (including antivirus, content security, and threat detection) and deploy components like antivirus pattern files, scan engines, and antispam rules from a single interface.
Tracked as CVE-2025-69258 , the vulnerability enables threat actors without privileges on the targeted system to gain remote code execution by injecting malicious DLLs in low-complexity attacks that don't require user interaction.
"A L
Checkpoint
4th April – Threat Intelligence Report
blogs_checkpoint·2022-04-04
CVE-2022-22965 4th April – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 4th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th April, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research (CPR) revealed a large spike in attacks committed by advanced persistent threat groups (APTs) around the world, using lures utilizing the war between Russia and Ukraine. Most of the attacks started with spear-phishing emails that contained documents with malicious macros dropping malware such as Loki.Rat ba
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435https://jvn.jp/vu/JVNVU99107357https://success.trendmicro.com/jp/solution/000290660https://success.trendmicro.com/solution/000290678https://www.jpcert.or.jp/english/at/2022/at220008.htmlhttps://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435https://jvn.jp/vu/JVNVU99107357https://success.trendmicro.com/jp/solution/000290660https://success.trendmicro.com/solution/000290678https://www.jpcert.or.jp/english/at/2022/at220008.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26871
2022-03-29
Published
2022-03-31
Added to CISA KEV
Exploited in the wild