Back to Feed
VulnerabilitiesJul 16, 2026

Trend Micro, Tanium, ESET and Tenable Patch Severe Product Vulnerabilities

Trend Micro, Tanium, ESET, and Tenable patch critical and high-severity vulnerabilities in security products.

Summary

Multiple major cybersecurity vendors released patches this month for severe vulnerabilities in their products. Tenable fixed a critical path traversal (CVE-2026-15265) in Tenable Agent allowing RCE, while ESET patched a high-severity privilege escalation in Inspect Connector and a DoS flaw in Linux products. Tanium and Trend Micro also addressed high-severity DoS and privilege escalation flaws respectively.

Full text

Cybersecurity companies Trend Micro, ESET, Tenable, and Tanium released product updates this month to patch severe vulnerabilities. Tenable told customers this week that it has fixed a critical-severity path traversal in the Tenable Agent. The security hole, tracked as CVE-2026-15265, may allow an attacker to achieve remote code execution. [ Read: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits ] ESET informed customers on Tuesday that it has discovered and patched a high-severity local privilege escalation vulnerability in Inspect Connector for Windows. “On systems with the affected ESET product installed, an attacker could send self-crafted Advanced Local Procedure Call (ALPC) requests to the vulnerable process’ interface,” ESET explained in its advisory. “Without proper authentication or origin validation in place, this message would be accepted and processed, enabling the attacker to access restricted functionality.” ESET has also published a separate advisory for a medium-severity DoS vulnerability in its security products for Linux.Advertisement. Scroll to continue reading. Tanium informed customers last week about a high-severity DoS flaw affecting Tanium Server. “This vulnerability could allow an unauthenticated, network-based attacker to perform a denial of service attack against the Tanium Server,” the company noted. Trend Micro informed Cleaner One Pro users last week of a high-severity local privilege escalation vulnerability that could allow an attacker to delete privileged Trend Micro files. Palo Alto Networks also released patches this month, addressing over a dozen vulnerabilities in its products. While there is no evidence of exploitation for the latest vulnerabilities, it’s not uncommon for threat actors to target security products in their attacks. For instance, Palo Alto Networks and Trend Micro recently confirmed in-the-wild exploitation. Related: Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow Related: Vulnerabilities Patched in CrowdStrike, Tenable Products Related: Trend Micro Patches Critical Apex One Vulnerabilities Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, RockwellSonicWall Issues Urgent SMA Patch Warning for Two Zero-Day ExploitsSynopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, CalendarPentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity RulesCybersecurity M&A Roundup: 37 Deals Announced in June 2026Centers Laboratory Data Breach Affects 540,000 Individuals Latest News Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day Unpatched Cursor Vulnerability Exposes Users to Code ExecutionCISA Urges Immediate Patching of Exploited SharePoint VulnerabilitiesWindows Bind Link Attacks Can Hide Malware From EDR ToolsVirtual Event Today: Cloud & Data Security SummitUS Charges Russian Individuals and Firms for Running Cybercrime ServicesVulnerabilities Patched by Fortinet, Ivanti, ServiceNowWhite House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveN-able has appointed Russell Rosa as Chief Revenue Officer.Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.F5 has appointed Cathy Peterman as Chief People Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

  • cve — CVE-2026-15265

Entities

Tenable (vendor)ESET (vendor)Tanium (vendor)Trend Micro (vendor)Tenable Agent (product)ESET Inspect Connector (product)