CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks

CISA added CVE-2026-34926, a directory traversal vulnerability in on-prem Trend Micro Apex One, to its Known Exploited Vulnerabilities list; the flaw enables a pre-authenticated local attacker to alter a server database and inject malicious payloads that can be pushed to endpoint agents. CISA confirms active exploitation and has directed federal agencies to remediate by June 4, 2026; vendors and organizations are urged to apply patches, follow mitigations, restrict server access, and enhance monitoring to prevent widespread endpoint compromise.