{
  "title": "Trend Micro Apex One CVE-2026-34926: KEV Server Build Exposure",
  "summary": "CISA added Trend Micro Apex One CVE-2026-34926 to KEV on 2026-05-21. Trend Micro reports at least one in-the-wild attempt and fixed builds 17079, 18012, and 14.0.20731; this article provides build-export and agent-deployment audit scripts.",
  "date": "2026-05-26",
  "severity": "high",
  "tags": [
    "trend-micro",
    "apex-one",
    "cisa-kev",
    "zero-day",
    "vulnerability-response"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "trend-micro-apex-one-cve-2026-34926-kev",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-34926"
    ],
    "cwes": [
      "CWE-23"
    ],
    "advisoryIds": [],
    "products": [
      "Apex One on-premise",
      "Apex One 2019",
      "Apex One as a Service",
      "Trend Vision One SEP"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [
      "Apex One 2019 on-prem Server and Agent builds below 17079",
      "Apex One as a Service / Trend Vision One SEP agent builds below 14.0.20731"
    ],
    "fixedVersions": [
      "Apex One on-prem SP1 CP Build 18012 for existing SP1 users",
      "Apex One on-prem SP1 Build 17079 for new installs",
      "Security Agent build 14.0.20731",
      "17079",
      "18012",
      "14.0.20731"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "Apex One",
      "key table",
      "agent deployment",
      "CWE-23",
      "CP Build 18012"
    ]
  }
}