- Pattern Micro patches CVE‑2026‑34926, a medium‑severity listing traversal flaw in Apex One (on‑prem) that lets native admins inject malicious code
- Regardless of requiring prior admin entry, the bug is already being exploited within the wild, prompting pressing patching steering
- CISA provides it to the KEV catalog, giving federal businesses till June 4 2026 to replace or discontinue use per BOD 22‑01 directives
A harmful vulnerability in Pattern Micro’s Apex One product is being actively abused within the wild, researchers have warned, urging customers to use the supplied patch as quickly as doable.
Apex One is Pattern Micro’s endpoint safety platform (EPP) constructed to guard enterprise units from malware, ransomware, fileless assaults, and varied different cyber-threats. It makes use of a mix of antivirus capabilities, behavioral evaluation, machine studying, and EDR/XDR. It seems to be quite in style, with some sources counting the variety of clients within the 1000’s.
The corporate has now issued a patch for a listing traversal vulnerability within the on-prem variant of Apex One which might permit native actors (with admin privileges) to inject malicious code.
Capturing tokens
“A listing traversal vulnerability within the Apex One (on-premise) server might permit a pre-authenticated native attacker to switch a key desk on the server to inject malicious code to deploy to brokers on affected installations,” the NVD entry reads.
“This vulnerability is barely exploitable on the on-premise model of Apex One and a possible attacker should have entry to the Apex One Server and already obtained administrative credentials to the server through another technique to use this vulnerability.”
The bug is now tracked as CVE-2026-34926 and carries a severity rating of 6.7/10 (medium).
Whereas all of it factors to a considerably low-risk vulnerability, Pattern Micro mentioned that it noticed “at the very least one” exploitation try, already.
We don’t know if one try is sufficient to get listed in CISA’s Identified Exploited Vulnerabilities (KEV) database, however the US company simply did that. Final Thursday, CISA disclosed a brand new entry within the catalog, giving Federal Civilian Government Department (FCEB) businesses a deadline of June 4 to use the patch or cease utilizing Apex One fully.
“A majority of these vulnerabilities are frequent assault vectors for malicious cyber actors and pose vital dangers to the federal enterprise,” CISA mentioned. “Apply mitigations per vendor directions, comply with relevant BOD 22-01 steering for cloud companies, or discontinue use of the product if mitigations are unavailable.”
By way of BleepingComputer
The most effective antivirus for all budgets
Comply with TechRadar on Google Information and add us as a most popular supply to get our knowledgeable information, evaluations, and opinion in your feeds.
