Trend Micro warns of Apex One zero-day exploited in the wild

Trend Micro patched an on-premises Apex One directory traversal zero-day (CVE-2026-34926) that allows a local attacker with administrative access to modify server tables and inject code to deploy to agents; Trend Micro observed at least one in-the-wild attempt and CISA ordered federal agencies to patch by June 4. The company also released updates addressing seven local privilege escalation flaws in the Apex One SEP agent and highlighted a history of exploited Apex One vulnerabilities.