CVE-2022-26871
CRITICAL KEVTrend Micro Apex Central - Unauthenticated Arbitrary File Upload
Title source: llmExploitation Summary
CVE-2022-26871 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 31, 2022.
Description
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
References (6)
Core 6
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000290678
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/jp/solution/000290660
Third Party Advisory, VDB Entry x_refsource_misc
https://www.jpcert.or.jp/english/at/2022/at220008.html
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/vu/JVNVU99107357
Vendor Advisory x_refsource_misc
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26871
Scores
CVSS v3
9.8
EPSS
0.2130
EPSS Percentile
95.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2022-03-31
VulnCheck KEV
2022-03-31
InTheWild.io
2022-03-31
ENISA EUVD
EUVD-2022-31420
CWE
CWE-345
Status
published
Products (2)
trendmicro/apex_central
2019
trendmicro/apex_one
Published
Mar 29, 2022
KEV Added
Mar 31, 2022
Tracked Since
Feb 18, 2026