CVE-2026-34928: Trend Micro Apex One/SEP Agent Privilege Escalation

/HIGH /CVSS 7.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-346
CVE-2026-34928: Trend Micro Apex One/SEP Agent Privilege Escalation

The National Vulnerability Database has disclosed CVE-2026-34928, an origin validation vulnerability affecting Trend Micro Apex One and Worry-Free Business Security Services (WFBS-SVC) agents. This flaw, rated High severity with a CVSSv3.1 score of 7.8, enables a local attacker to escalate privileges on affected installations.

The vulnerability is rooted in a named pipe communication mechanism, similar in nature to CVE-2026-34927. Exploitation requires an attacker to first achieve low-privileged code execution on the target system. Once that initial foothold is established, this vulnerability provides a clear path to elevated system access, allowing for deeper compromise or persistent presence.

This isn’t a zero-day requiring remote access, but it’s a critical post-exploitation vector. Defenders need to recognize that once an attacker is on the box, their goal is privilege escalation. This CVE provides exactly that. Patching these agents is non-negotiable, as it closes a significant window for attackers to pivot from user-level access to full system control.

What This Means For You

  • If your organization uses Trend Micro Apex One or Worry-Free Business Security Services (WFBS-SVC), you need to prioritize patching this agent. This vulnerability, CVE-2026-34928, allows local privilege escalation, turning a low-privileged compromise into a full system takeover. Ensure all endpoint agents are updated to the latest versions to eliminate this critical post-exploitation pathway.

Indicators of Compromise

IDTypeIndicator
CVE-2026-34928 Privilege Escalation Trend Micro Apex One agent
CVE-2026-34928 Privilege Escalation Trend Micro SEP agent
CVE-2026-34928 Privilege Escalation Origin Validation Vulnerability
CVE-2026-34928 Privilege Escalation Named pipe communication mechanism

Written by SCW Vulnerability Desk

🔎
Track Critical Vulnerabilities Use /brief to get an analyst-ready weekly threat summary with severity rankings and key IOCs.
Open Intel Bot →
Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 21, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-45208: Apex One/SEP Agent Vulnerability Allows Local Privilege Escalation

CVE-2026-45208 — A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an...

vulnerabilityCVEhigh-severitycwe-367
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 3 IOCs

CVE-2026-45207: Apex One/SEP Agent Privilege Escalation

CVE-2026-45207 — An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar...

vulnerabilityCVEhigh-severitycwe-346
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 3 IOCs

CVE-2026-45206: Privilege Escalation in Apex One/SEP Agent

CVE-2026-45206 — An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar...

vulnerabilityCVEhigh-severitycwe-346
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 4 IOCs