{
	"document" : {
		"category" : "csaf_security_advisory",
		"csaf_version" : "2.0",
		"distribution" : {
			"tlp" : {
				"label" : "WHITE",
				"url" : "https://www.first.org/tlp/"
			}
		},
		"lang" : "en-US",
		"notes" : [
			{
				"category" : "summary",
				"text" : "TrendAI has released updates to Apex One (on-premise), Apex One as a Service and Vision One - Standard Endpoint Protection (SEP) to resolve multiple vulnerabilities. ITW (in-the-wild) Notification: TrendAI has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.",
				"title" : "Summary"
			},
			{
				"category" : "legal_disclaimer",
				"text" : "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TREND MICRO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\n\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Trend Micro products.",
				"title" : "Disclaimer"
			},
			{
				"category" : "legal_disclaimer",
				"text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/legalcode). If you distribute this content, or a modified version of it, you must provide attribution to Trend Micro, Inc. and provide a link to the original.",
				"title" : "Document License"
			},
			{
				"category" : "summary",
				"text" : "Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date.",
				"title" : "Mitigating Factors"
			}
		],
		"publisher" : {
			"category" : "vendor",
			"contact_details" : "security@trendmicro.com",
			"issuing_authority" : "TrendAI PSIRT is responsible for vulnerability handling across all TrendAI supported products, including any end-of-life products.",
			"name" : "TrendAI (Trend Micro) PSIRT",
			"namespace" : "https://www.trendmicro.com/vulnerability"
		},
		"references" : [
			{
				"category" : "self",
				"summary" : "TrendAI Security Bulletin",
				"url" : "https://success.trendmicro.com/en-US/solution/KA-0023430"
			},
			{
				"category" : "self",
				"summary" : "2026-0521-TM-A1-001 - CSAF Version",
				"url" : "https://www.trendmicro.com/.well-known/csaf/2026/2026-0521-tm-a1-001.json"
			}
		],
		"title" : "ITW SECURITY BULLETIN: Apex One and Vision One and Standard Endpoint Protection (SEP) May 2026 Security Bulletin",
		"tracking" : {
			"aliases" : [ "KA-0019917" ],
			"current_release_date" : "2026-05-21T13:00:00.000Z",
			"generator" : {
				"date" : "2026-05-19T14:43:54.988Z",
				"engine" : {
					"name" : "Secvisogram",
					"version" : "2.6.1"
				}
			},
			"id" : "2026-0521-TM-A1-001",
			"initial_release_date" : "2026-05-21T13:00:00.000Z",
			"revision_history" : [
				{
					"date" : "2026-05-21T13:00:00.000Z",
					"number" : "1",
					"summary" : "Initial version."
				}
			],
			"status" : "final",
			"version" : "1"
		}
	},
	"product_tree" : {
		"branches" : [
			{
				"branches" : [
					{
						"branches" : [
							{
								"category" : "product_version_range",
								"name" : "vers:intdot/<14.0.0.17079",
								"product" : {
									"name" : "Trend Micro Apex One (2019) On-prem<14.0.0.17079",
									"product_id" : "TM-A1-001"
								}
							},
							{
								"category" : "product_version",
								"name" : "14.0.0.17079",
								"product" : {
									"name" : "Trend Micro Apex One (2019) On-prem SP1 CP Build 17079",
									"product_id" : "TM-A1-002",
									"product_identification_helper" : {
										"cpe" : "cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
									}
								}
							}
						],
						"category" : "product_name",
						"name" : "Apex One"
					},
					{
						"branches" : [
							{
								"category" : "product_version_range",
								"name" : "vers:intdot/<14.0.20731",
								"product" : {
									"name" : "Trend Micro Apex One as a Service <14.0.20731",
									"product_id" : "TM-A1SAAS-001"
								}
							},
							{
								"category" : "product_version",
								"name" : "14.0.20731",
								"product" : {
									"name" : "Trend Micro Apex One as a Service 14.0.20731",
									"product_id" : "TM-A1SAAS-002",
									"product_identification_helper" : {
										"cpe" : "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
									}
								}
							}
						],
						"category" : "product_name",
						"name" : "Apex One as a Service"
					},
					{
						"branches" : [
							{
								"category" : "product_version_range",
								"name" : "vers:intdot/<14.0.0.17079",
								"product" : {
									"name" : "Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079",
									"product_id" : "TM-A1-003"
								}
							},
							{
								"category" : "product_version",
								"name" : "14.0.0.17079",
								"product" : {
									"name" : "Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079",
									"product_id" : "TM-A1-004"
								}
							}
						],
						"category" : "product_name",
						"name" : "Apex One Security Agent"
					},
					{
						"branches" : [
							{
								"category" : "product_version_range",
								"name" : "vers:intdot/<14.0.20731",
								"product" : {
									"name" : "Trend Micro Apex One as a Service Agent<14.0.20731",
									"product_id" : "TM-A1SAAS-003"
								}
							},
							{
								"category" : "product_version",
								"name" : "14.0.20731",
								"product" : {
									"name" : "Trend Micro Apex One as a Service Security Agent 14.0.20731",
									"product_id" : "TM-A1SAAS-004"
								}
							}
						],
						"category" : "product_name",
						"name" : "Apex One as a Service Security Agent"
					}
				],
				"category" : "vendor",
				"name" : "Trend Micro"
			}
		]
	},
	"vulnerabilities" : [
		{
			"acknowledgments" : [
				{
					"names" : [ "TrendAI Incident Response (IR) Team" ]
				}
			],
			"cve" : "CVE-2026-34926",
			"cwe" : {
				"id" : "CWE-23",
				"name" : "Relative Path Traversal"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server and inject malicious code that is deployed to agents on affected installations.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "This vulnerability is only exploitable on the on-premise version of Apex One. To exploit it, a potential attacker must have access to the Apex One Server and must already have obtained administrative credentials to the server via some other method.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004", "TM-A1SAAS-002", "TM-A1SAAS-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003", "TM-A1SAAS-001", "TM-A1SAAS-003" ]
			},
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "HIGH",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "LOW",
						"baseScore" : 6.7,
						"baseSeverity" : "MEDIUM",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 6.6,
						"environmentalSeverity" : "MEDIUM",
						"integrityImpact" : "LOW",
						"privilegesRequired" : "HIGH",
						"scope" : "CHANGED",
						"temporalScore" : 6.7,
						"temporalSeverity" : "MEDIUM",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003", "TM-A1SAAS-001", "TM-A1SAAS-003" ]
				}
			],
			"title" : "Server Directory Traversal Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-34927",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-27959",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-34927",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-27959",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-34929",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-28077",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-34930",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-28089",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-45206",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-28118",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-45207",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-29177",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Origin Validation Error Local Privilege Vulnerability"
		},
		{
			"acknowledgments" : [
				{
					"names" : [ "Lays (@_L4ys)" ],
					"organization" : "TRAPA Security",
					"summary" : "working with Trend Micro's Zero Day Initiative"
				}
			],
			"cve" : "CVE-2026-45208",
			"cwe" : {
				"id" : "CWE-346",
				"name" : "Origin Validation Error"
			},
			"notes" : [
				{
					"category" : "description",
					"text" : "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
					"title" : "CVE description"
				},
				{
					"category" : "description",
					"text" : "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
					"title" : "Preconditions"
				}
			],
			"product_status" : {
				"fixed" : [ "TM-A1-002", "TM-A1-004" ],
				"known_affected" : [ "TM-A1-001", "TM-A1-003" ]
			},
			"references" : [
				{
					"category" : "external",
					"summary" : "ZDI-CAN-27982",
					"url" : "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
				}
			],
			"remediations" : [
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to SP1 CP Build 17079 or later",
					"product_ids" : [ "TM-A1-001", "TM-A1-003" ],
					"url" : "http://downloadcenter.trendmicro.com/"
				},
				{
					"category" : "vendor_fix",
					"date" : "2026-05-21T13:00:00.000Z",
					"details" : "Update to Security Agent Version 14.0.20731 or later",
					"product_ids" : [ "TM-A1SAAS-001", "TM-A1SAAS-003" ],
					"url" : "https://success.trendmicro.com/en-US/solution/KA-0019917"
				}
			],
			"scores" : [
				{
					"cvss_v3" : {
						"attackComplexity" : "LOW",
						"attackVector" : "LOCAL",
						"availabilityImpact" : "HIGH",
						"baseScore" : 7.8,
						"baseSeverity" : "HIGH",
						"confidentialityImpact" : "HIGH",
						"environmentalScore" : 7.8,
						"environmentalSeverity" : "HIGH",
						"integrityImpact" : "HIGH",
						"privilegesRequired" : "LOW",
						"scope" : "UNCHANGED",
						"temporalScore" : 7.8,
						"temporalSeverity" : "HIGH",
						"userInteraction" : "NONE",
						"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
						"version" : "3.1"
					},
					"products" : [ "TM-A1-001", "TM-A1-003" ]
				}
			],
			"title" : "Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability"
		}
	]
}
