www.belgium.be Logo of the federal government

Trend Micro Apex Central Arbitrary File Upload Remote Code Execution (RCE) Vulnerability

Advisory #2022-007
Geïmpacteerde software: 
Trend Micro Apex Central 2019 (on-prem) prior to Build 6016 Trend Micro Apex Central (SaaS) prior to Build 202203
Arbitrary File Upload, Remote Code Execution
  • CVE-2022-26871
  • CVE-2022-26871
  • CVSS- 8.6


Trend Micro: https://success.trendmicro.com/dcx/s/solution/000290678?language=en_US


Unpatched (on-premise) Trend Micro Apex Central systems will not properly check for file contents.

Trend Micro notes that the “(updated) SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue.”


Trend Micro Apex Central is a web-based console that provides centralized management for Trend Micro products and services and provides a single monitoring point for antivirus and content security products and services throughout the network.

On the 29th of March 2022, Trend Micro published a security bulletin detailing the existence of an arbitrary file upload weakness, which if exploited, could lead to unauthenticated remote code execution.

Due to Trend Micro having observed active attempts of exploitation, organisations using on-premise deployments of Trend Micro Apex Central are strongly encouraged to update to the latest build as soon as possible.


Aanbevolen acties

Trend Micro notes that in addition to timely patching/updating of vulnerable systems, “customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”