CVE-2026-45208
published 2026-05-21CVE-2026-45208: A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note…
PriorityP344high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.30%
21.6th percentile
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro_inc | trendai_apex_one | >= 2019 (14.0) < 14.0.0.17079 | 14.0.0.17079 |
| trend_micro_inc | trendai_apex_one_as_a_service | >= SaaS < 14.0.20731 | 14.0.20731 |
| trendmicro | apex_one | < 14.0.0.17079 | 14.0.0.17079 |
| trendmicro | apex_one | < 14.0.20731 | 14.0.20731 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-92rr-32pc-38g6: A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
ghsa_unreviewed·2026-05-21
CVE-2026-45208 [HIGH] CWE-367 GHSA-92rr-32pc-38g6: A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
VulDB
Trend Micro TrendAI Apex One/TrendAI Apex One as a Service toctou (EUVD-2026-31281)
vuldb·2026-05-21·CVSS 7.8
CVE-2026-45208 [HIGH] Trend Micro TrendAI Apex One/TrendAI Apex One as a Service toctou (EUVD-2026-31281)
A vulnerability was found in Trend Micro TrendAI Apex One and TrendAI Apex One as a Service. It has been declared as critical. This issue affects some unknown processing. The manipulation results in time-of-check time-of-use.
This vulnerability was named CVE-2026-45208. The attack needs to be approached locally. There is no available exploit.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-21
Published