CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-26871

CVSS 9.8v3.1pub. 2022-03-29upd. 2025-12-22

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Trendmicro Apex Central

    APP
    Trendmicro
    2019
  • Trendmicro Apex One

    APP
    Trendmicro
    wszystkie wersje

CISA KEV — detailsi

Vendori
Trend Micro
Producti
Apex Central
Added to KEVi
March 31, 2022
Remediation deadline (US Federal)i
April 21, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 21 kwietnia 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam produkt

Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia

CVE-2020-8599CRITICAL9.8⚠ KEVten sam produkt

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...

CVE-2025-69258CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność LoadLibraryEX w Trend Micro Apex Central — RCE jako SYSTEM

CVE-2025-54987CRITICAL9.4PL ✓ten sam produkt

RCE w Trend Micro Apex One – command injection bez uwierzytelnienia

CVE-2025-49219CRITICAL9.8PL ✓ten sam produkt

RCE przez insecure deserialization w Trend Micro Apex Central (pre-auth)