22 May 2026
Reference: CVE-2026-34926
1. What is being reported?
The report highlights a vulnerability in Trend Micro Apex One that allows attackers to perform 'directory traversal'. This means they could access files and data they shouldn’t be able to, by exploiting a weakness in the software’s design.
2. What this means in plain English
If your organisation uses this software and it is not protected, attackers could gain unauthorised access to important files or systems. This could lead to data theft, disruption, or further attacks on your network.
3. Could this affect a small business?
Small businesses or charities using Trend Micro Apex One on their premises could be affected. Those not using this product or only using cloud-based versions with proper protections are less likely to be impacted.
4. What to do now
- Check if your organisation uses Trend Micro Apex One software on-premise.
- Contact your IT provider or software supplier immediately to confirm if mitigations or updates are available.
- Apply any recommended security patches or follow vendor instructions to reduce risk.
- If no fix is available, consider discontinuing use of the product until it is safe.
5. Ask your IT provider
Can you confirm if our Trend Micro Apex One software is affected by the CVE-2026-34926 vulnerability, and what steps are being taken to protect us?
6. Bottom line
If you use Trend Micro Apex One, act quickly to check and apply protections to avoid being targeted by attackers.
Information based on CISA KEV, reputable security reports, and vendor advisories.