CVE-2022-26871

CRITICAL KEV

Trend Micro Apex Central - RCE

Title source: llm

Description

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

References (6)

[Vendor Advisory] https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

[Third Party Advisory, VDB Entry] https://jvn.jp/vu/JVNVU99107357

[Mitigation, Patch, Vendor Advisory] https://success.trendmicro.com/jp/solution/000290660

[Mitigation, Patch, Vendor Advisory] https://success.trendmicro.com/solution/000290678

[Third Party Advisory, VDB Entry] https://www.jpcert.or.jp/english/at/2022/at220008.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26871

Scores

CVSS v3 9.8

EPSS 0.1944

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-31

VulnCheck KEV 2022-03-31

InTheWild.io 2022-03-31

ENISA EUVD EUVD-2022-31420

CWE

CWE-345

Status published

Products (2)

trendmicro/apex_central 2019

trendmicro/apex_one

Published Mar 29, 2022

KEV Added Mar 31, 2022

Tracked Since Feb 18, 2026