TrendAI, Development Micro’s enterprise enterprise, has knowledgeable prospects that it has patched one other Apex One vulnerability that has been exploited within the wild.
The zero-day, tracked as CVE-2026-34926, is a medium-severity listing traversal subject that may be exploited by an unauthenticated native attacker to “modify a key desk on the server to inject malicious code to deploy to brokers on affected installations”.
TrendAI famous that the attacker requires admin credentials to the server, and the assault solely works in opposition to the on-premises model of Apex One.
No info has been shared by the cybersecurity agency on the assaults exploiting the most recent zero-day. The vulnerability was found internally by TrendAI’s incident response workforce.
It’s not unusual for risk actors to use vulnerabilities in Apex merchandise, however attribution info is never made public. Some previous assaults have been linked to Chinese language state-sponsored hackers, and given the entry required to use CVE-2026-34926, it’s doubtless that this vulnerability has additionally been exploited by an APT.
CISA added CVE-2026-34926 to its Recognized Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal businesses to handle it by June 4.
CISA’s KEV catalog at present consists of 10 different CVEs assigned to Apex flaws.
Along with CVE-2026-34926, the most recent Apex One updates handle a number of different vulnerabilities — all of them are high-severity points that may be exploited for native privilege escalation.
“Exploiting these kind of vulnerabilities typically require that an attacker has entry (bodily or distant) to a susceptible machine. Along with well timed utility of patches and up to date options, prospects are additionally suggested to evaluate distant entry to crucial techniques and guarantee insurance policies and perimeter security is up-to-date,” TrendAI stated in its advisory.
