cbcvebase.

Trend Micro Inc Trendai Apex One vulnerabilities

11 known vulnerabilities affecting trend_micro_inc/trendai_apex_one.

Total CVEs
11
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH9MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-34926P1MEDIUMCVSS 6.7KEV≥ 2019 (14.0), < 14.0.0.170792026-05-21
CVE-2026-34926 [MEDIUM] CWE-23 CVE-2026-34926: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authentica A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to t
nvd
CVE-2025-71210P2CRITICALCVSS 9.8≥ 2019 (14.0), < 14.0.0.141362026-05-21
CVE-2025-71210 [CRITICAL] CWE-22 CVE-2025-71210: A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to uplo A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The S
nvd
CVE-2025-71212P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.141362026-05-21
CVE-2025-71212 [HIGH] CWE-59 CVE-2025-71212: A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-71213P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.141362026-05-21
CVE-2025-71213 [HIGH] CWE-346 CVE-2025-71213: An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to esc An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2026-45208P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.170792026-05-21
CVE-2026-45208 [HIGH] CWE-367 CVE-2026-45208: A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-71216P3HIGHCVSS 7.8≥ NA, < NA2026-05-21
CVE-2025-71216 [HIGH] CWE-367 CVE-2025-71216: A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism co A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information i
nvd
CVE-2025-71217P3HIGHCVSS 7.8≥ NA, < NA2026-05-21
CVE-2025-71217 [HIGH] CWE-346 CVE-2025-71217: An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mec An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following info
nvd
CVE-2026-34927P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.170792026-05-21
CVE-2026-34927 [HIGH] CWE-346 CVE-2026-34927: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalat An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2026-45206P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.170792026-05-21
CVE-2026-45206 [HIGH] CWE-346 CVE-2026-45206: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalat An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i
nvd
CVE-2025-71214P3HIGHCVSS 7.8≥ NA, < NA2026-05-21
CVE-2025-71214 [HIGH] CWE-346 CVE-2025-71214: An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is p
nvd
CVE-2025-71215P4HIGHCVSS 7.0≥ NA, < NA2026-05-21
CVE-2025-71215 [HIGH] CWE-367 CVE-2025-71215: A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service sign A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The fo
nvd
Trend Micro Inc Trendai Apex One vulnerabilities | cvebase