CVE-2026-34926
Published: 21 May 2026
Summary
CVE-2026-34926 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in a Trend Micro product (vendor inferred from references). Its CVSS base score is 6.7 (Medium).
Operationally, CISA has added it to the Known Exploited Vulnerabilities catalog.
NVD Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Details
- CWE(s)
- OWASP Top 10 Web 2025
- KEV Date Added: 21 May 2026
Affected Products
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31284
Regulatory context (EU CRA / NIS2 / DORA / UK NIS Regulations)
NIS2 incident reporting (active exploitation)
Active exploitation triggers mandatory incident-reporting obligations under NIS2 Article 23 for EU operators of essential and important entities (24-hour early warning, 72-hour update, 1-month final report). UK NIS Regulations 2018 impose equivalent timelines on designated operators of essential services.
EU Cyber Resilience Act — coordinated disclosure
Critical and high-severity vulnerabilities in products with digital elements may trigger coordinated-disclosure obligations under the EU Cyber Resilience Act (CRA, Regulation 2024/2847). Manufacturers placing products on the EU market must notify ENISA and the relevant CSIRTs without undue delay once active exploitation is known.