CVE-2026-34930

Vulnerability

An origin validation vulnerability exists in the Apex One (on-premise, as a Service) and Vision One – Standard Endpoint Protection (SEP) security agent on Windows. Affected builds are Apex One 2019 (on-prem) Server and Agent builds below 14.0.0.17079 and SEP Agent builds below 14.0.20731. The flaw resides in a different process protection mechanism than CVE-2026-34927, but shares a similar root cause of improper origin validation [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target Windows system. No additional user interaction or network access is required beyond local code execution; the attacker can then trigger the vulnerable code path in the agent process to exploit the origin validation weakness [1].

Impact

Successful exploitation allows the attacker to escalate privileges on the affected installation. The CVSS v3 score of 7.8 (High) reflects a high impact on confidentiality, integrity, and availability, with the attacker potentially gaining elevated system-level privileges [1].

Mitigation

TrendAI has released fixed builds: Apex One (on-prem) SP1 CP Build 18012 (or SP1 Build 17079 for new installs) with agent build 14.0.0.17079, and SEP Agent build 14.0.20731. Customers who applied the earlier CP 17079 build are already protected. These updates are available now from the TrendAI Download Center. TrendAI notes at least one known exploitation attempt in the wild (ITW) for this vulnerability class [1].