CVE-2026-34926
6.7 MEDIUMA directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key ta...
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 6.7 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
- CWE
- CWE-23
Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34926
- [Other]https://jvn.jp/en/vu/JVNVU90583059/
- [Other]https://success.trendmicro.com/en-US/solution/KA-0023430
- [Other]https://success.trendmicro.com/ja-JP/solution/KA-0022974
- [Other]https://www.jpcert.or.jp/english/at/2026/at260014.html
- [Other]https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926
Related CVEs
Same CWE
- CVE-2026-34026 — Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter ...
- CVE-2026-48569 — Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally (7.1 HIGH)
- CVE-2026-47287 — Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network (6.5 MEDIUM)
- CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
- CVE-2026-5422 — A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_p... (8.1 HIGH)