CVE-2022-26871

CVE Database · CVE-2022-26871

CVE-2022-26871

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

19.48%

Published

Mar 29, 2022

Modified

Dec 22, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-31 · Due: 2022-04-21

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-345CWE-345

Affected Products (2)

trendmicro · apex_centralvulnerable

trendmicro · apex_onevulnerable

References (11)

https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

Vendor Advisory

https://jvn.jp/vu/JVNVU99107357

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/jp/solution/000290660

MitigationPatchVendor Advisory

https://success.trendmicro.com/solution/000290678

MitigationPatchVendor Advisory

https://www.jpcert.or.jp/english/at/2022/at220008.html

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs