A critical directory traversal vulnerability, identified as CVE-2026-34926, has been discovered in the on-premise version of Trend Micro's Apex One, allowing attackers to exploit the flaw. This zero-day vulnerability has been exploited in the wild, prompting TrendAI to release a patch to mitigate the issue. The vulnerability enables attackers to traverse directories, potentially leading to unauthorized access to sensitive data. The exploitability of this flaw expands the active attack surface, making it essential for organizations to assess their exposure and prioritize patching based on evidence of exploitation1. The patch released by TrendAI aims to prevent further exploitation of this vulnerability, and organizations using the on-premise version of Apex One are advised to apply the patch immediately. This vulnerability highlights the importance of timely patch management and vulnerability assessment in preventing cyber attacks, so practitioners should prioritize patching based on their specific exposure and evidence of exploitation.