CVE-2026-45207

Vulnerability

An origin validation vulnerability exists in the Apex One and Vision One – Standard Endpoint Protection (SEP) agent on Windows. The flaw resides in a process protection communication mechanism, similar to CVE-2026-45206 but affecting a different code path [1]. Affected versions are Apex One 2019 (on-prem) server and agent builds below 17079, and SEP agent builds below 14.0.20731 [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system [1]. The vulnerability is then exploited by leveraging the missing origin validation in the agent's inter-process communication, allowing the attacker to manipulate the communication channel to escalate privileges. TrendAI has observed at least one instance of active exploitation in the wild [1].

Impact

Successful exploitation allows a local attacker to escalate privileges on affected installations [1]. By gaining higher privileges, the attacker could potentially execute arbitrary code with elevated rights, compromise system integrity, and access sensitive data.

Mitigation

TrendAI released fixed builds: for Apex One (on-prem) minimum agent build 14.0.0.17079 (new installs) or SP1 CP Build 18012 (for existing SP1 users); for Apex One as a Service and Vision One SEP, minimum agent build 14.0.20731 [1]. Customers who applied the previous CP 17079 build or installed fresh 17079 are already protected [1]. TrendAI recommends obtaining the latest product version from the Download Center [1].