CVE-2026-34929
published 2026-05-21CVE-2026-34929: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to…
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.25%
15.7th percentile
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | apex_one | < 14.0.0.17079 | 14.0.0.17079 |
| trendmicro | apex_one | < 14.0.20731 | 14.0.20731 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ff4m-qxjh-q4cw: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
ghsa_unreviewed·2026-05-21·CVSS 7.8
CVE-2026-34929 [HIGH] CWE-346 GHSA-ff4m-qxjh-q4cw: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
VulDB
Trend Micro TrendAI Apex One/TrendAI Apex One as a Service Inter-Process Communication origin validation (EUVD-2026-31280)
vuldb·2026-05-21·CVSS 7.8
CVE-2026-34929 [HIGH] Trend Micro TrendAI Apex One/TrendAI Apex One as a Service Inter-Process Communication origin validation (EUVD-2026-31280)
A vulnerability, which was classified as critical, was found in Trend Micro TrendAI Apex One and TrendAI Apex One as a Service. Affected by this vulnerability is an unknown functionality of the component Inter-Process Communication. Such manipulation leads to origin validation error.
This vulnerability is traded as CVE-2026-34929. An attack has to be approached locally. There is no exploit available.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-21
Published