| Title | トレンドマイクロ製企業向けエンドポイントセキュリティ製品における複数の脆弱性(2026年5月) |
|---|---|
| Summary | トレンドマイクロ製企業向けエンドポイントセキュリティ製品には、次の複数の脆弱性が存在します。<ul><li>Apex Oneサーバにおける相対パストラバーサル(CWE-23) - CVE-2026-34926<ul><li>本脆弱性はTrendAI Apex One(オンプレミス版)でのみ悪用可能です</li></ul></li><li>セキュリティエージェントにおけるオリジン確認エラー(CWE-346) - CVE-2026-34927、CVE-2026-34928、CVE-2026-34929、CVE-2026-34930、CVE-2026-45206、CVE-2026-45207</li><li>セキュリティエージェントにおけるTime-of-check Time-of-use(TOCTOU)競合状態(CWE-367) - CVE-2026-45208</li></ul>開発者によると、CVE-2026-34926を悪用する攻撃が既に確認されているとのことです。 この脆弱性情報は、製品利用者への周知を目的に、開発者がJPCERT/CCに報告し、JPCERT/CCが開発者との調整を行いました。 |
| Possible impacts | 想定される影響は各脆弱性により異なりますが、次のような影響を受ける可能性があります。<ul><li>Apex Oneサーバに管理者権限でアクセス可能な攻撃者によってサーバ上のファイルを改ざんされ、結果として細工したコードをセキュリティエージェントに配布される(CVE-2026-34926)</li><li>セキュリティエージェントにアクセス可能な攻撃者によって、権限昇格される(CVE-2026-34927、CVE-2026-34928、CVE-2026-34929、CVE-2026-34930、CVE-2026-45206、CVE-2026-45207、CVE-2026-45208)</li></ul> |
| Solution | [パッチを適用する] 開発者が提供する情報をもとにパッチを適用してください。 開発者は本脆弱性の対策として次のパッチをリリースしています。 <ul> <li>TrendAI Apex One(オンプレミス版) <ul> <li>サーバ:Service Pack 1 Critical Patch B18012</li> <li>セキュリティエージェント:Agent Build 14.0.18012</li> </ul> </li> <li>Trend Micro Apex One as a Service <ul> <li>サーバ:2026年4月のメンテナンスで修正済</li> <li>セキュリティエージェント:Agent Build 14.0.20731</li> </ul> </li> <li>Trend Vision One Endpoint Security - Standard Endpoint Protection <ul> <li>サーバ:2026年4月のメンテナンスで修正済</li> <li>セキュリティエージェント:Agent Build 14.0.20731</li> </ul> </li> </ul> |
| Publication Date | May 21, 2026, midnight |
| Registration Date | May 22, 2026, 3:32 p.m. |
| Last Update | May 22, 2026, 3:32 p.m. |
| CVSS3.0 : 警告 | |
| Score | 6.7 |
|---|---|
| Vector | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L |
| トレンドマイクロ |
| Trend Micro Apex One as a Service サーバ:2026年4月のメンテナンスより前 |
| Trend Micro Apex One as a Service セキュリティエージェント:Agent Build 14.0.20731より前 |
| TrendAI Apex One (オンプレミス版) サーバ:Build 17079より前 |
| TrendAI Apex One (オンプレミス版) セキュリティエージェント:Agent Build 14.0.17079より前 |
| TrendAI Vision One Endpoint Security - Standard Endpoint Protection サーバ:2026年4月のメンテナンスより前 |
| TrendAI Vision One Endpoint Security - Standard Endpoint Protection セキュリティエージェント:Agent Build 14.0.20731より前 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2026年05月22日] 掲載 |
May 22, 2026, 3:32 p.m. |
| Summary | A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |
| Summary | A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|---|---|
| Publication Date | May 21, 2026, 11:16 p.m. |
| Registration Date | May 22, 2026, 4:07 a.m. |
| Last Update | May 22, 2026, 12:05 a.m. |