The U.S. Cybersecurity and Infrastructure Security Agency has added two actively exploited security vulnerabilities to its Known Exploited Vulnerabilities catalog, one affecting Langflow and one affecting Trend Micro Apex One. Federal agencies must remediate these flaws by June 4, 2026, while private sector organizations should prioritize immediate patching to prevent system compromise.
Critical Vulnerabilities Under Active Attack
The first vulnerability, CVE-2025-34291, affects Langflow with a severity score of 9.4. This origin validation error combines three critical weaknesses: overly permissive cross-origin resource sharing, absent CSRF protection, and an endpoint enabling code execution. Successful exploitation grants attackers complete system control while exposing sensitive access tokens and API keys. Obsidian Security warned this creates cascading compromise scenarios across integrated cloud and SaaS environments. Iranian threat group MuddyWater has already weaponized this flaw for initial network access.
The second vulnerability, CVE-2026-34926, impacts on-premise Trend Micro Apex One installations with a severity rating of 6.7. This directory traversal flaw allows pre-authenticated local attackers with administrative credentials to modify key server tables and inject malicious code for deployment to connected agents. Trend Micro confirmed observing active exploitation attempts, though the attack surface remains limited to attackers who have already compromised administrative access through alternate methods.
Key Takeaway
Organizations running Langflow or on-premise Trend Micro Apex One must apply vendor patches immediately. The Langflow vulnerability requires no prior authentication, making it particularly dangerous for internet-facing instances. Security teams should audit all Langflow workspaces for unauthorized API keys and review access logs for suspicious activity. For Apex One deployments, implement enhanced monitoring of administrative access and restrict local server privileges as defense-in-depth measures while applying patches.
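The Langflow flaw described above chains permissive cross-origin resource sharing with absent CSRF protection. As an added example (not code from Langflow, CISA or the source article), this Python check flags both conditions in a captured HTTP response; the function name, finding labels and all header values are assumptions constructed for illustration.

```python
# Added example: audit one HTTP response for the CORS and cookie conditions
# named in the article. Every header value below is constructed sample data.

def audit_response(probe_origin, headers):
    """Return findings for a response to a request that carried
    `Origin: probe_origin`, where probe_origin is an origin the deployment
    does NOT trust. `headers` is a list of (name, value) pairs."""
    def get(name):
        return [v.strip() for k, v in headers if k.lower() == name]

    findings = []
    acao = (get("access-control-allow-origin") or [""])[0]
    creds = (get("access-control-allow-credentials") or [""])[0].lower() == "true"

    if acao == "*":
        # Browsers refuse "*" on credentialed requests, so this alone does
        # not expose cookie-authenticated responses, but it is still broad.
        findings.append("wildcard-origin")
    elif acao and acao.lower() == probe_origin.lower():
        findings.append("reflects-untrusted-origin")
        if creds:
            # An echoed origin plus Allow-Credentials lets any site read
            # responses fetched with the victim's cookies.
            findings.append("credentialed-cross-origin-read")

    for cookie in get("set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "samesite=none" in attrs:
            # Sent on cross-site requests; without a CSRF token the server
            # cannot tell a forged request from a legitimate one.
            findings.append(f"cookie-sent-cross-site:{name}")
    return findings

# Constructed responses: a weak configuration beside a hardened one.
WEAK = [
    ("Access-Control-Allow-Origin", "https://untrusted.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "session=abc; Path=/; Secure; HttpOnly; SameSite=None"),
]
HARDENED = [
    ("Set-Cookie", "session=abc; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https://untrusted.example", hdrs))
```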
Article Source: CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV