High severity7.8NVD Advisory· Published May 21, 2026· Updated May 22, 2026
CVE-2026-45207
CVE-2026-45207
Description
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*+ 2 more
- cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*range: <14.0.0.17079
- cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*range: <14.0.20731
- (no CPE)
Patches
Vulnerability mechanics
References
1- success.trendmicro.com/en-US/solution/KA-0023430nvdVendor Advisory
News mentions
2- ZDI-26-325: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation VulnerabilityZero Day Initiative · May 28, 2026
- Trend Micro Apex One: 13 CVEs Disclosed Including Actively Exploited Zero-DayVypr Intelligence · May 21, 2026