TrendAI Patches Apex One Zero-Day Exploited in the Wild

TrendAI Patches Apex One Zero-Day Exploited in the Wild

Briefly

"The zero-day, tracked as CVE-2026-34926, is a medium-severity directory traversal issue that can be exploited by an unauthenticated local attacker to "modify a key table on the server to inject malicious code to deploy to agents on affected installations"."

"TrendAI noted that the attacker requires admin credentials to the server, and the attack only works against the on-premises version of Apex One. No information has been shared by the cybersecurity firm on the attacks exploiting the latest zero-day. The vulnerability was discovered internally by TrendAI's incident response team."

"CISA added CVE-2026-34926 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 4. CISA's KEV catalog currently includes 10 other CVEs assigned to Apex flaws."

""Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date," TrendAI said in its advisory."