Trend Micro Apex Central
cpe:2.3:a:trendmicro:apex_central:*:*:*:*:*:*:*, +1 more
- < Build 7190
A denial-of-service vulnerability has been identified in Trend Micro Apex Central. This issue arises from a message processing flaw where a NULL return value is not properly checked, allowing remote attackers to create a denial-of-service condition on affected installations. Notably, authentication is not required to exploit this vulnerability.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.
The vulnerability can be reproduced by sending a message with ID 0x1b5b using the 'new protocol' format. This message should be crafted to omit the expected CRLF termination, causing the application to receive a NULL return value that is not checked. The lack of validation leads to access violations and crashes the application.
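The bug class described above, as an added illustration in C (not Trend Micro's code; the function names and the line-oriented framing are assumptions): a terminator search that returns NULL on unterminated input, and a caller that rejects the message instead of using the pointer.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: pointer to the first CRLF in buf[0..len),
 * or NULL when the message carries no CRLF terminator. */
static const char *find_crlf(const char *buf, size_t len)
{
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] == '\r' && buf[i + 1] == '\n')
            return buf + i;
    }
    return NULL;
}

/* Unchecked form (the defect pattern), kept as a comment only:
 *     const char *end = find_crlf(buf, len);
 *     size_t n = (size_t)(end - buf);   // end == NULL gives a bogus length
 *     memcpy(out, buf, n);              // access violation
 */

/* Hardened form: copies the line without its CRLF into out and
 * NUL-terminates it. Returns the line length, or -1 when the message
 * is unterminated or does not fit, so the caller can drop it. */
int read_line_checked(const char *buf, size_t len, char *out, size_t out_cap)
{
    if (buf == NULL || out == NULL || out_cap == 0)
        return -1;

    const char *end = find_crlf(buf, len);
    if (end == NULL)
        return -1;                /* missing terminator: reject, do not dereference */

    size_t n = (size_t)(end - buf);
    if (n >= out_cap)
        return -1;                /* would overflow the destination buffer */

    memcpy(out, buf, n);
    out[n] = '\0';
    return (int)n;
}
```
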
Users are advised to upgrade to Trend Micro Apex Central Critical Patch Build 7190 or later.