CVE-2026-45206

Vulnerability

An origin validation vulnerability exists in the Apex One / Vision One – Standard Endpoint Protection (SEP) agent for Windows. The bug resides in a process protection communication mechanism, allowing a local attacker who already has low-privileged code execution to escalate privileges. Affected versions include Apex One 2019 (On-prem) server and agent builds below 17079, and SEP agent builds below 14.0.20731 [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. With that foothold, they can exploit the flawed origin validation in the affected agent's inter-process communication to elevate their privileges [1]. TrendAI has observed at least one instance of attempted active exploitation in the wild.

Impact

Successful exploitation allows an attacker to escalate privileges locally on the affected Windows system. The precise outcome is privilege escalation, potentially leading to full system compromise [1].

Mitigation

TrendAI released fixes: for Apex One (on-prem), apply SP1 CP Build 18012 (for existing SP1 users) or install SP1 Build 17079 (for new installs) — ensuring agent build is at least 14.0.0.17079. For Apex One as a Service and Vision One SEP, update to Security Agent build 14.0.20731. All fixes are available now [1].