July has been a busy month for security teams inside four major cybersecurity vendors. Trend Micro, Tanium, ESET, and Tenable all shipped product updates targeting vulnerabilities that range from critical down to medium severity. No active exploitation has been reported for any of these bugs — but as recent attacks on Palo Alto Networks and Trend Micro itself have shown, security products are a prime target for sophisticated threat actors.
Here is what got patched, who is affected, and why these fixes matter now.
Tenable Agent: Critical Path Traversal Opens Door to RCE
The most severe of the bunch is a critical-severity path traversal vulnerability in the Tenable Agent, tracked as CVE-2026-15265. Tenable notified customers this week that the flaw could let an attacker achieve remote code execution on an affected system.
Path traversal bugs are a classic but still dangerous class of vulnerability. They allow an attacker to break out of restricted directories and write or execute files in places they should not have access to. When that happens inside a security agent — software designed to run with elevated privileges — the consequences can be severe. In this case, Tenable rates the bug as critical, meaning organizations should prioritize updating their agents immediately.
The advisory does not specify a CVSS score, but the critical designation alone signals urgency. Tenable has not published any workaround; the fix is the update itself.
ESET Inspect Connector: Local Privilege Escalation via ALPC
ESET disclosed a high-severity local privilege escalation vulnerability in its Inspect Connector for Windows on Tuesday. The company explained that an attacker with local access could send specially crafted Advanced Local Procedure Call (ALPC) requests to the vulnerable process’s interface.
“Without proper authentication or origin validation in place, this message would be accepted and processed,” ESET wrote in its advisory. That means the attacker could access restricted functionality — essentially, they could elevate their privileges on the machine.
This is not a remote exploit. An attacker would need to already have some foothold on the system. But once inside, this bug makes lateral movement and deeper compromise much easier. ESET also published a separate advisory for a medium-severity denial-of-service (DoS) vulnerability affecting its security products for Linux.
Tanium Server: Unauthenticated DoS from the Network
Tanium informed customers last week about a high-severity flaw in the Tanium Server that could allow an unauthenticated, network-based attacker to launch a denial-of-service attack. The company’s advisory is characteristically sparse on technical details, but the risk is clear: an attacker who can reach the Tanium Server over the network does not need valid credentials to knock it offline.
For organizations that rely on Tanium for endpoint management and incident response, a DoS on the server could blind them to threats across the fleet. The update is recommended for all supported versions.
Trend Micro Cleaner One Pro: Local Privilege Escalation
Trend Micro warned users of Cleaner One Pro last week about a high-severity local privilege escalation vulnerability. The company said the bug could allow an attacker to delete privileged Trend Micro files — essentially letting a low-privileged user tamper with security software.
Cleaner One Pro is a system optimization tool, not a core security product like Apex One. Still, any vulnerability that lets an attacker delete files belonging to a Trend Micro application is concerning. It could be used to disable protections or corrupt logs.
Why Security Product Vulnerabilities Are a Bigger Deal
None of these vulnerabilities are known to have been exploited in the wild — yet. But there is a reason security teams pay close attention when a vendor like Trend Micro or ESET issues a patch. Security products run with high privileges by design. They have deep access to the operating system, the file system, and network traffic. A successful exploit against a security agent can give an attacker a beachhead that is extremely hard to detect.
Recent history bears this out. In June 2026, both Palo Alto Networks and Trend Micro confirmed that attackers had exploited vulnerabilities in their products in the wild. Those incidents served as a reminder that threat actors actively hunt for bugs in the very tools meant to stop them.
What Organizations Should Do Now
The message from all four vendors is the same: update now. For Tenable Agent, that means applying the latest version as soon as possible. For ESET Inspect Connector and Tanium Server, the same. For Trend Micro Cleaner One Pro, users should check for updates through the application or the vendor’s download portal.
If your organization uses any of these products, this is not a patch cycle to delay. The vulnerabilities are real, the fixes are available, and the window of opportunity for attackers is only getting wider.
For more context on recent security product vulnerabilities, see our coverage of Fortinet, Ivanti, and ServiceNow patches and the recent CrowdStrike and Tenable fixes.