CVE-2026-45208
Undergoing Analysis Undergoing Analysis - In Progress
TOCTOU Privilege Escalation in Apex One/SEP Agent

Publication date: 2026-05-21

Last updated on: 2026-05-22

Assigner: Trend Micro, Inc.

Description
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-22
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-45208
EUVD
EUVD-2026-31281
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trendmicro apex_one to 14.0.20731 (exc)
trendmicro apex_one to 14.0.0.17079 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

This vulnerability affects the Apex One/SEP agent and allows local privilege escalation. To mitigate this vulnerability, it is important to apply the latest security updates and patches provided by Trend Micro for Apex One and SEP.

Since exploitation requires prior ability to execute low-privileged code, restricting local code execution and applying the updates will reduce risk.

Executive Summary

This vulnerability is a time-of-check time-of-use (TOCTOU) flaw found in the Apex One/SEP agent. It allows a local attacker, who already has the ability to run low-privileged code on the affected system, to escalate their privileges. Essentially, the attacker can exploit a timing issue between checking a condition and using a resource to gain higher access rights.

Impact Analysis

If exploited, this vulnerability can allow an attacker with limited access to increase their privileges on the system. This means they could potentially gain administrative or higher-level control, leading to unauthorized actions such as installing malicious software, accessing sensitive data, or disrupting system operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart