TrendAI Patches Apex One Zero-Day Exploited in the Wild

TrendAI, Trend Micro’s enterprise business, has informed customers that it has patched another Apex One vulnerability that has been exploited in the wild.

The zero-day, tracked as CVE-2026-34926, is a medium-severity directory traversal issue that can be exploited by an unauthenticated local attacker to “modify a key table on the server to inject malicious code to deploy to agents on affected installations”.

TrendAI noted that the attacker requires admin credentials to the server, and the attack only works against the on-premises version of Apex One.

No information has been shared by the cybersecurity firm on the attacks exploiting the latest zero-day. The vulnerability was discovered internally by TrendAI’s incident response team.

It’s not uncommon for threat actors to exploit vulnerabilities in Apex products, but attribution information is rarely made public. Some past attacks have been linked to Chinese state-sponsored hackers, and given the access required to exploit CVE-2026-34926, it’s likely that this vulnerability has also been exploited by an APT.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

Other newsrooms on this story

Related reading

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Other newsrooms on this story

Related reading

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Trend Micro Apex One und Langflow: Warnung vor Angriffen

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

Google says hackers used AI to exploit ‘zero-day’ flaw - UPI.com

Microsoft warns of new Defender zero-days exploited in attacks