MiniPlasma and Apex One zero-days actively exploited
Key Questions
What is the MiniPlasma zero-day vulnerability?
MiniPlasma is a local privilege escalation flaw in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is being actively weaponized. Network visibility is required for effective detection.
Which Trend Micro product has an actively exploited zero-day?
CVE-2026-34926 in Trend Micro Apex One has been exploited in the wild, prompting an emergency patch from the vendor.
Has CISA added any related vulnerabilities to the KEV catalog?
CISA has added both the Trend Micro Apex One and Langflow vulnerabilities to its Known Exploited Vulnerabilities catalog due to confirmed in-the-wild exploitation.
How are attackers using the MiniPlasma vulnerability?
Adversaries are leveraging the unpatched MiniPlasma flaw to bypass traditional endpoint security controls and gain SYSTEM-level privileges.
What should organizations do to address these zero-days?
Apply the Trend Micro Apex One patch immediately and implement enhanced monitoring for cldflt.sys activity. Review CISA KEV guidance for additional mitigation steps.
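One way to act on the KEV step above, as an added example that is not part of the original page: match KEV entries against an asset inventory and rank the hits by remediation due date. The field names follow CISA's KEV JSON feed; the inventory, the Langflow CVE placeholder and every date are constructed sample values.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed. Only the Apex One
# CVE ID comes from the page; the Langflow ID is a placeholder and all dates
# are constructed sample values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-34926", "vendorProject": "Trend Micro", "product": "Apex One",
   "dateAdded": "2026-01-10", "dueDate": "2026-01-31"},
  {"cveID": "CVE-XXXX-LANGFLOW", "vendorProject": "Langflow", "product": "Langflow",
   "dateAdded": "2026-01-10", "dueDate": "2026-01-24"},
  {"cveID": "CVE-0000-00000", "vendorProject": "ExampleCorp", "product": "Widget",
   "dateAdded": "2026-01-05", "dueDate": "2026-01-26"}
]}
""")

# Hypothetical asset inventory: host -> installed products.
INVENTORY = {
    "av-mgmt-01": ["Trend Micro Apex One"],
    "ml-dev-03": ["Langflow", "PostgreSQL"],
    "file-02": ["Samba"],
}

def kev_exposure(kev, inventory, today):
    """Return KEV entries matching installed products, most urgent first."""
    findings = []
    for entry in kev["vulnerabilities"]:
        needle = entry["product"].lower()
        hosts = sorted(h for h, products in inventory.items()
                       if any(needle in p.lower() for p in products))
        if not hosts:
            continue  # product not deployed anywhere in the inventory
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "cve": entry["cveID"],
            "product": entry["product"],
            "hosts": hosts,
            "days_left": (due - today).days,  # negative means overdue
        })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for f in kev_exposure(KEV_SAMPLE, INVENTORY, date(2026, 1, 27)):
        state = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d left"
        print(f"{f['cve']:<18} {f['product']:<10} {state:<8} {', '.join(f['hosts'])}")
```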
Summary: MiniPlasma, a Windows LPE in cldflt.sys, has been weaponized, and network visibility is needed for detection. Trend Micro Apex One CVE-2026-34926 has been exploited in the wild, and CISA's KEV additions for Langflow and Apex One confirm active threats.