Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution

Trend Micro published a February 2026 security bulletin for Apex One 2019 (on‑premises) and related services disclosing eight vulnerabilities (CVE‑2025‑71210 through CVE‑2025‑71217). Two critical unauthenticated directory‑traversal flaws in the management console enable remote code execution (CVSS 9.8), while the remaining issues are high‑severity local privilege escalations; Trend Micro released a Critical Patch (CP Build 14136) and agent updates with mitigation guidance including access restrictions and patches.