CVE-2026-34930: Trend Micro Apex One/SEP Agent Privilege Escalation

/HIGH /CVSS 7.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-346
CVE-2026-34930: Trend Micro Apex One/SEP Agent Privilege Escalation

The National Vulnerability Database has disclosed CVE-2026-34930, an origin validation vulnerability affecting Trend Micro Apex One and Worry-Free Business Security (WFBS) agents. This flaw, rated with a CVSS score of 7.8 (High), allows a local attacker to escalate privileges on compromised systems. It’s a critical bypass, similar in nature to CVE-2026-34927, but targets a distinct process protection mechanism.

Successful exploitation requires an attacker to first gain low-privileged code execution on the target system. Once that foothold is established, this vulnerability provides the avenue for a local attacker to elevate their privileges, potentially leading to full system compromise. This is a classic chained attack scenario where an initial, less severe compromise is amplified to full control.

For defenders, this means that even if an initial exploit grants only limited access, this CVE can be the stepping stone to administrative rights. Organizations relying on Trend Micro Apex One or WFBS must prioritize patching. This isn’t theoretical; attackers actively look for these privilege escalation paths to solidify their presence and move laterally.

What This Means For You

  • If your organization uses Trend Micro Apex One or Worry-Free Business Security (WFBS) agents, this CVE-2026-34930 is a critical privilege escalation path. Prioritize identifying and patching all affected installations immediately. Even if you believe your endpoints are secure, an attacker with low-level access can leverage this to gain full control.

Indicators of Compromise

IDTypeIndicator
CVE-2026-34930 Privilege Escalation Trend Micro Apex One agent
CVE-2026-34930 Privilege Escalation Trend Micro Worry-Free Business Security Services agent
CVE-2026-34930 Privilege Escalation origin validation vulnerability

Written by SCW Vulnerability Desk

🔎
Check for related Trend Micro threats Use /org trendmicro.com to see the latest threats and advisories involving Trend Micro products.
Open Intel Bot →
Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 21, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-45208: Apex One/SEP Agent Vulnerability Allows Local Privilege Escalation

CVE-2026-45208 — A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an...

vulnerabilityCVEhigh-severitycwe-367
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 3 IOCs

CVE-2026-45207: Apex One/SEP Agent Privilege Escalation

CVE-2026-45207 — An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar...

vulnerabilityCVEhigh-severitycwe-346
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 3 IOCs

CVE-2026-45206: Privilege Escalation in Apex One/SEP Agent

CVE-2026-45206 — An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar...

vulnerabilityCVEhigh-severitycwe-346
/SCW Vulnerability Desk /HIGH /7.8 /⚑ 4 IOCs