PatchSiren

Trend Micro, Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-45208

CVE-2026-45208 is a high-severity local privilege-escalation vulnerability described as a time-of-check time-of-use (TOCTOU) issue in the Apex One/SEP agent. The published record indicates an attacker must first execute low-privileged code on the target system before attempting exploitation, which makes this a post-compromise escalation risk rather than a remote initial-access issue. NVD lists CWE-367 and [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-45207

CVE-2026-45207 is a local privilege-escalation vulnerability in the Apex One/SEP agent’s process-protection communication path. According to the supplied description, an attacker must already be able to execute low-privileged code on the target system, but could then abuse origin validation weakness to gain elevated privileges. NVD assigns it a 7.8 HIGH score and maps it to CWE-346.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-45206

CVE-2026-45206 is a high-severity local privilege escalation vulnerability in the Apex One/SEP agent caused by an origin validation weakness in a process-protection communication path. The issue can let a local attacker elevate privileges on affected installations, but only after they already have the ability to run low-privileged code on the target system. The NVD record cites a Trend Micro support refer [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-34930

CVE-2026-34930 is a high-severity local privilege escalation issue in an Apex One/SEP agent protection mechanism. NVD lists it as CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and references a Trend Micro advisory. The key risk is that once an attacker can run low-privileged code on a target, the origin validation weakness may let them gain higher privileges on the same host.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-34929

CVE-2026-34929 is a high-severity local privilege-escalation issue in an Apex One/SEP agent component. According to the CVE description, a local attacker who can already execute low-privileged code on the target system may be able to elevate privileges by abusing an origin validation weakness in a specific inter-process communication path. NVD records the issue as CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-34928

CVE-2026-34928 is a high-severity local privilege escalation vulnerability tied to origin validation in an Apex One/SEP agent communication path. According to the NVD summary, a local attacker who first achieves low-privileged code execution on the target system may be able to escalate privileges on affected installations. The issue is described as similar to CVE-2026-34927, but in a different named pipe [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2026-34927

CVE-2026-34927 describes an origin validation weakness in the Apex One/SEP agent that could let a local attacker elevate privileges on affected installations. Exploitation requires the attacker to already have the ability to run low-privileged code on the target system, which keeps the issue local but still serious because the reported impact is high on confidentiality, integrity, and availability.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71217

CVE-2025-71217 describes an origin validation error in the Trend Micro Apex One (mac) agent self-protection mechanism. A local attacker who can already run low-privileged code on the target system could use the flaw to escalate privileges. The provided description also notes that Trend Micro had already addressed the issue through ActiveUpdate/SaaS updates in mid to late 2025.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71216

CVE-2025-71216 describes a time-of-check time-of-use (TOCTOU) issue in the Trend Micro Apex One (mac) agent cache mechanism that could let a local attacker escalate privileges. The vendor note says an attacker must already have the ability to execute low-privileged code on the target system. Trend Micro also states the issue had already been addressed through ActiveUpdate/SaaS updates in mid to late 2025, [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71215

CVE-2025-71215 describes a time-of-check time-of-use (TOCTOU) vulnerability in Trend Micro Apex One (mac) agent iCore service signature verification. An attacker would first need the ability to run low-privileged code on the target system, after which the flaw could allow privilege escalation on affected installations. Trend Micro’s note in the CVE record says the issue had already been addressed through [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71214

CVE-2025-71214 describes an origin validation error in the Trend Micro Apex One (mac) agent iCore service that could allow a local attacker to escalate privileges on affected installations. The attacker must already be able to execute low-privileged code on the target system. According to the vendor note supplied with the CVE reference, the issue was already addressed through ActiveUpdate/SaaS updates in [truncated]

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71213

CVE-2025-71213 is a high-severity local privilege escalation issue affecting Trend Micro Apex One. The vulnerability is described as an origin validation error, and exploitation requires an attacker to first achieve low-privileged code execution on the target system. Once that foothold exists, the issue can be used to escalate privileges on affected installations.

HIGH Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71212

CVE-2025-71212 is a high-severity local privilege escalation affecting the Trend Micro Apex One scan engine. The supplied NVD record states that a local attacker could escalate privileges, but only after first obtaining the ability to execute low-privileged code on the target system. That prerequisite makes the issue less directly reachable than remote bugs, but it is still important on systems where untr [truncated]

CRITICAL Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71211

CVE-2025-71211 is a critical Trend Micro Apex One management-console vulnerability disclosed through responsible disclosure via the Zero Day Initiative. Trend Micro says SaaS versions were already mitigated and require no customer action, but on-prem or otherwise exposed console deployments should be treated as high priority, especially where the console is reachable beyond trusted networks.

CRITICAL Trend Micro, Inc. CVE published 2026-05-21

CVE-2025-71210

CVE-2025-71210 affects the Trend Micro Apex One management console. According to the supplied vendor description, a remote attacker who can access the console could upload malicious code and execute commands on affected installations. The vendor also states that SaaS versions have already been mitigated and that no customer action is required for those deployments. For self-managed environments, the main [truncated]