CVE-2026-34929
Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An origin validation flaw in Trend Micro Apex One/SEP agent allows local privilege escalation; attack requires initial low-privilege code execution.
Vulnerability
An origin validation vulnerability exists in the Apex One/SEP agent's inter-process communication mechanism. This flaw allows a local attacker to escalate privileges. Affected versions include Apex One 2019 (on-prem) Server and Agent builds below 17079, and Apex One as a Service / Vision One Standard Endpoint Protection (SEP) Agent builds below 14.0.20731 [1].
Exploitation
To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. With that foothold, the attacker escalates privileges by abusing the inter-process communication mechanism that lacks proper origin validation [1].
Impact
Successful exploitation allows a local attacker to escalate privileges, potentially gaining higher-level access such as SYSTEM or administrative privileges, leading to full compromise of the affected system [1].
Mitigation
Trend Micro has released updates: for Apex One on-prem, update to SP1 Build 17079 (for new installs) or Critical Patch build 18012 (for existing SP1 users); for Apex One as a Service/SEP, update to Security Agent build 14.0.20731. These fixes are now available [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 12
- InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise (Trend Micro Research · May 5, 2026)
- ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability (Zero Day Initiative · Apr 15, 2026)
- ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability (Zero Day Initiative · Apr 15, 2026)
- Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries (Trend Micro Research · Mar 19, 2026)
- ZDI-26-136: Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-143: Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-140: Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-141: Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-137: Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-139: Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-142: Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)
- ZDI-26-138: Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability (Zero Day Initiative · Mar 3, 2026)