VulnerabilityBleeping Computer
9.8 — CRITICAL
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Trend Micro's Apex One zero-day vulnerability (CVE-2026-34926) has been exploited in attacks targeting Windows systems, with federal agencies ordered to patch within three weeks.
⚙️Technical Details
💥Impact Assessment
Severity: High
Who Is at Risk
Federal agencies and organizations using Trend Micro Apex One on-premises server
🛡️Recommended Actions
1Apply patches for CVE-2026-34926 within three weeks
2Validate cloud services configurations to prevent exploitation of CWE-78
3Monitor system logs for suspicious activity related to Trend Micro Apex One vulnerabilities
📦Affected Products
Trendmicro Apex OneMicrosoft WindowsTrendmicro Worry-Free Business SecurityTrendmicro Worry-Free Business Security Services
🔐NVD Verified DataVERIFIED
CVE-2026-34926 ↗CVSS 6.7 — MEDIUM
Attack Vector
LOCAL
Complexity
HIGH
Vector String
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:LWeaknesses
CWE-23
CVE-2025-54948 ↗CVSS 9.8 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-78
Affected Products (CPE)
Trendmicro Apex One
CVE-2022-40139 ↗CVSS 7.2 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HAffected Products (CPE)
Microsoft WindowsTrendmicro Apex One
CVE-2023-41179 ↗CVSS 7.2 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-94
Affected Products (CPE)
Microsoft WindowsTrendmicro Apex OneTrendmicro Worry-Free Business SecurityTrendmicro Worry-Free Business Security Services
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.