JPCERT-AT-2026-0014
JPCERT/CC
2026-05-21(Initial)
2026-05-22(Update)

<<< JPCERT/CC Alert 2026-05-21 >>>

Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One

https://www.jpcert.or.jp/english/at/2026/at260014.html

I. Overview

On May 21, 2026, Trend Micro released information regarding multiple vulnerabilities in TrendAI Apex One (On Premise), Trend Micro Apex One as a Service, and TrendAI Vision One Endpoint Security - Standard Endpoint Protection. If these vulnerabilities are exploited, an authenticated attacker may be able to tamper with arbitrary files on the server, potentially allowing crafted code to be distributed to the security agent, or escalate privileges.

Trend Micro Incorporated has reported that attacks exploiting the relative path traversal vulnerability in TrendAI Apex One (On Premise) (CVE-2026-34926) have been observed in the wild.

Since one of the vulnerabilities has already been exploited in the wild, users of the affected products are recommended to update the affected systems to the latest version as soon as possible. Please refer to the information provided by Trend Micro.

Trend Micro Incorporated
ITW SECURITY BULLETIN: Apex One and Vision One - Standard Endpoint Protection (SEP) May 2026 Security Bulletin
https://success.trendmicro.com/en-US/solution/KA-0023430

II. Affected Products

Affected products are as follows:

- TrendAI Apex One (On Premise)
- Trend Micro Apex One as a Service
- TrendAI Vision One Endpoint Security - Standard Endpoint Protection

According to Trend Micro, the only product that could be vulnerable to the exploitation of the relative path traversal vulnerability (CVE-2026-34926) is TrendAI Apex One (On Premise).

III. Solution

Please consider applying the appropriate patch according to the information provided by Trend Micro. Trend Micro has released the patches listed below that address the vulnerabilities.

TrendAI Apex One (On Premise)
- Apply the patch to the server and security agent.

Trend Micro Apex One as a Service and TrendAI Vision One Endpoint Security - Standard Endpoint Protection
- Apply the patch to the security agent. Since these products are cloud services, the server-side vulnerabilities were already fixed during the April 2026 maintenance.

IV. References

Japan Vulnerability Notes JVNVU#90583059
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
https://jvn.jp/en/vu/JVNVU90583059

If you have any information regarding this alert, please contact JPCERT/CC.

________
Revision History
2026-05-21 First edition
2026-05-22 Updated the link in "I. Overview"

======================================================================
JPCERT Coordination Center (Cyber Security Coordination Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/