VYPR
Patch · Published May 28, 2026 · 1 source

TrendAI Vision One Security Agent TOCTOU Flaw Allows Local Privilege Escalation to SYSTEM

A high-severity TOCTOU vulnerability in TrendAI's Apex One NT RealTime Scan service lets low-privileged attackers escalate to SYSTEM rights on affected systems.

A local privilege escalation vulnerability in TrendAI's Vision One Security Agent has been disclosed by the Zero Day Initiative, exposing enterprise endpoints to potential full compromise. Tracked as **CVE-2026-45208**, the flaw is a classic time-of-check time-of-use (TOCTOU) race condition within the Apex One NT RealTime Scan service that ships as part of the Vision One agent. Successful exploitation allows an attacker who already has low-privileged code execution on the target system to escalate to **SYSTEM**, the most privileged local account on Windows.

The vulnerability was discovered by researcher Lays (@_L4ys) of TRAPA Security, who reported it to TrendAI on September 11, 2025. According to ZDI's advisory, the specific flaw stems from the lack of proper locking when the RealTime Scan service performs operations on an object: the service validates the object at one moment and acts on it at a later one, with nothing holding the object fixed in between. An attacker can exploit that window, the classic TOCTOU pattern, by changing the object between the service's check and its use, gaining an elevated execution context and ultimately running arbitrary code as `NT AUTHORITY\SYSTEM`.
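As an added illustration of the check-then-use pattern ZDI describes (written for this summary, not code from TrendAI, ZDI or the researcher, and not the scan service's actual logic), the C program below uses a POSIX filesystem object as a stand-in for whatever object the service handles. The `race_hook_t` callback, the file names and the symlink swap are assumptions made for the demonstration, not details of this CVE. The vulnerable reader validates a path and then re-resolves that path later; the hardened reader binds to the object first, validates the handle it actually holds, and never goes back to the name.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for the attacker's racing thread: called inside the window the
 * service leaves open. Hypothetical; not how the real exploit works. */
typedef void (*race_hook_t)(void);

/* Time of check: validate the object by its *path*. */
static int path_is_regular_file(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISREG(st.st_mode);          /* rejects symlinks, devices, dirs */
}

/* VULNERABLE pattern: check by path, then re-resolve the same path later.
 * Nothing locks the object between the two steps, so whatever the path
 * points to at time of use is what gets read. Returns bytes read or -1. */
ssize_t read_vulnerable(const char *path, race_hook_t hook, char *buf, size_t n) {
    if (!path_is_regular_file(path)) return -1;   /* time of check */
    if (hook) hook();                             /* race window */
    int fd = open(path, O_RDONLY);                /* time of use: follows a swapped-in symlink */
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return r;
}

/* HARDENED pattern: bind to the object first (O_NOFOLLOW refuses a symlink
 * outright), validate the bound handle with fstat, then use that same handle.
 * There is no by-path step after the check, so the race window is gone; the
 * hook runs before open() to show the attacker gains nothing even when the
 * swap happens first. */
ssize_t read_hardened(const char *path, race_hook_t hook, char *buf, size_t n) {
    if (hook) hook();
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;                        /* ELOOP on a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return r;
}

/* Constructed scenario (not real data): victim.txt is the attacker's file,
 * target.txt stands in for a file only the privileged service should read. */
static char g_victim[4096], g_target[4096];

static void write_file(const char *path, const char *content) {
    FILE *f = fopen(path, "w");
    if (f) { fputs(content, f); fclose(f); }
}

static void attacker_swap(void) {          /* the "race": replace the file with a symlink */
    unlink(g_victim);
    symlink(g_target, g_victim);
}

/* Returns 1 when the vulnerable reader leaks target.txt, the hardened reader
 * refuses the swapped object, and the hardened reader still serves an honest
 * file; 0 otherwise. */
int demo_toctou(void) {
    char dir[] = "/tmp/toctou-XXXXXX";
    char buf[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(g_victim, sizeof g_victim, "%s/victim.txt", dir);
    snprintf(g_target, sizeof g_target, "%s/target.txt", dir);
    write_file(g_target, "SECRET");

    write_file(g_victim, "harmless");
    ssize_t v = read_vulnerable(g_victim, attacker_swap, buf, sizeof buf);
    int leaked = (v > 0 && strcmp(buf, "SECRET") == 0);

    unlink(g_victim);
    write_file(g_victim, "harmless");
    ssize_t h = read_hardened(g_victim, attacker_swap, buf, sizeof buf);
    int refused = (h < 0);

    unlink(g_victim);
    write_file(g_victim, "harmless");
    ssize_t ok = read_hardened(g_victim, NULL, buf, sizeof buf);
    int honest = (ok > 0 && strcmp(buf, "harmless") == 0);

    unlink(g_victim); unlink(g_target); rmdir(dir);
    return leaked && refused && honest;
}

int main(void) {
    printf("vulnerable leaked, hardened refused: %s\n", demo_toctou() ? "yes" : "no");
    return 0;
}
```

Build and run with `cc toctou.c -o toctou && ./toctou`. The point that carries over to any privileged service, Windows included, is that the check must be performed on the handle the code goes on to use (or under a lock that prevents the object from changing), never on a name that will be resolved a second time.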

The CVSS 3.1 base score assigned by ZDI is 7.8 (High), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This reflects low attack complexity: the attacker must already have a foothold on the target (e.g., via malware, a web shell, or another bug) and needs only standard user privileges, no user interaction is required, and the confidentiality, integrity, and availability impacts are all rated High. The affected product is TrendAI Vision One Security Agent; the vulnerable component is the Apex One NT RealTime Scan service it ships.

TrendAI responded by issuing a security update, referenced on their support portal at: https://success.trendmicro.com/en-US/solution/KA-0023430. The coordinated public disclosure occurred on May 28, 2026, roughly eight and a half months after the initial report. ZDI's advisory notes that TrendAI updated its own advisory on the same day, indicating that the vendor fix and the public disclosure were released together.

While no active exploitation has been publicly confirmed at the time of disclosure, the low barriers to exploitation, local access and standard user privileges only, make this vulnerability attractive for attackers seeking to pivot from an initial infection to full system compromise. In enterprise environments where Vision One agents are deployed on domain controllers, file servers, and critical workstations, a successful privilege escalation could enable ransomware deployment, credential theft, or persistence mechanisms with little chance of detection.

This advisory adds to a growing list of privilege escalation bugs in endpoint protection and detection tools, where the very components designed to secure systems run at high integrity levels and themselves become targets. The disclosure also highlights the continued relevance of TOCTOU race conditions, a class of vulnerability that has been documented for decades yet regularly resurfaces in new products, especially those involving file system operations, inter-process communication, or kernel driver interactions.

System administrators and security teams running TrendAI Vision One should prioritize applying the vendor-supplied patch, verify that the Apex One NT RealTime Scan service on each endpoint is running the updated build, and review endpoint telemetry for low-privileged processes that unexpectedly obtained or spawned SYSTEM-level execution. Given the CVSS score and the direct path to full system control, this vulnerability should be treated with urgency in patching cycles.

Synthesized by Vypr AI