Added to KEV Catalog

CISA Flags Actively Exploited Vulnerabilities in Langflow and Trend Micro


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two newly identified vulnerabilities affecting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog. U.S. federal agencies are required to apply patches by June 4, 2026.

The inclusion confirms that both flaws are actively being exploited by cybercriminals in real-world environments. One vulnerability impacts the AI orchestration platform Langflow, while the second affects on-premises deployments of Trend Micro Apex One endpoint security software.

For civilian federal agencies in the United States, the KEV listing creates a mandatory remediation deadline. Since the KEV catalog is widely used by enterprise security teams around the world as a benchmark for vulnerability prioritization, the warning also has broader implications for global patch management strategies.

Critical Langflow Vulnerability Enables Remote Code Execution

The first vulnerability, tracked as CVE-2025-34291, carries a critical CVSS severity score of 9.4. The flaw stems from improper validation of data origins within the application. Successful exploitation allows remote attackers to execute arbitrary code on vulnerable systems, potentially leading to a full compromise of the underlying IT infrastructure.

Langflow is increasingly deployed in enterprise environments to build and orchestrate AI and large language model workflows. A breach of such systems could therefore expose core components of AI-driven business operations.

Spy Group Activity Linked to Exploitation

According to research published by Obsidian Security in December 2025, the vulnerability combines three separate weaknesses: overly permissive Cross-Origin Resource Sharing (CORS) policies, missing Cross-Site Request Forgery (CSRF) protections, and an endpoint that inherently allows code execution.

The impact extends far beyond the Langflow instance itself. Attackers may also gain access to stored API keys and authentication tokens within the workspace, potentially triggering follow-on attacks against connected cloud and Software-as-a-Service environments.
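For defenders reviewing their own web services, the first two weaknesses in the chain described above (permissive CORS and missing CSRF protection) can be spotted at the header level. The following is an added example, not code from the article, Obsidian Security or Langflow; the probe origin, cookie name and both sample responses are constructed, and treating `SameSite=None` as the CSRF signal is an assumption of this sketch.

```python
# Added example: header-level audit for permissive CORS combined with cookies
# that browsers attach to cross-site requests. Not Langflow's own code.
from http.cookies import SimpleCookie

PROBE_ORIGIN = "https://untrusted.example"  # constructed origin sent in the probe


def audit_response(headers, probe_origin=PROBE_ORIGIN):
    """Audit one response to a request that carried `Origin: probe_origin`.
    `headers` is a list of (name, value) pairs; returns a sorted list of findings."""
    findings = set()
    single = {}
    cookies = SimpleCookie()
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.load(value)  # repeated Set-Cookie lines accumulate here
        else:
            single[name.lower()] = value.strip()

    allow_origin = single.get("access-control-allow-origin")
    allow_creds = single.get("access-control-allow-credentials", "").lower() == "true"
    if allow_origin == probe_origin:
        # The server echoed an origin it has no reason to trust.
        findings.add("cors: reflects arbitrary origin")
        if allow_creds:
            # A page on that origin can read authenticated responses.
            findings.add("cors: credentialed cross-origin reads allowed")
    elif allow_origin == "*":
        findings.add("cors: wildcard origin")

    for name, morsel in cookies.items():
        if morsel["samesite"].lower() == "none":
            # Cookie rides along on cross-site requests, so state-changing
            # endpoints need an explicit anti-CSRF token.
            findings.add(f"csrf: cookie '{name}' is sent cross-site (SameSite=None)")
    return sorted(findings)


# Constructed sample responses (illustrative only, not captured traffic).
PERMISSIVE = [
    ("Access-Control-Allow-Origin", PROBE_ORIGIN),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "session_token=abc123; Path=/; SameSite=None; Secure"),
]
HARDENED = [
    ("Set-Cookie", "session_token=abc123; Path=/; SameSite=Strict; Secure; HttpOnly"),
]
```

Calling `audit_response(PERMISSIVE)` returns three findings and `audit_response(HARDENED)` returns an empty list; any finding on a service that also exposes a code-execution feature deserves priority review.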

In March 2026, the research group Ctrl-Alt-Intel reported that the Iranian cyber espionage group MuddyWater has been actively exploiting the vulnerability to gain initial access to targeted corporate networks.

Trend Micro Apex One Vulnerability Targets On-Premises Installations

The second vulnerability added to the KEV catalog affects Trend Micro Apex One and is tracked as CVE-2026-34926. The flaw has a medium severity rating of 6.7 and involves a directory traversal issue affecting only on-premises deployments of the software.

Cloud-hosted versions of the service are not impacted.

A local attacker can exploit the flaw to modify an internal key table on the central server. This could enable the injection of malicious code, which may then be automatically distributed to connected security agents across endpoint devices throughout the network.

Higher Barrier to Exploit Trend Micro Flaw

Trend Micro stated in a technical advisory that at least one real-world exploitation attempt has already been observed.

However, exploiting the vulnerability is significantly more complex than the Langflow issue. An attacker must already have access to the Apex One server and must first obtain administrative credentials through another compromise method.

If these prerequisites are met, the flaw could enable large-scale sabotage of an organization’s central security infrastructure by allowing attackers to manipulate or completely disable endpoint protection mechanisms.

CISA Urges Immediate Patching

The simultaneous addition of both vulnerabilities highlights the growing diversity of enterprise attack surfaces in 2026.

While the Trend Micro issue underscores the continued risks surrounding legacy on-premises endpoint environments, the Langflow vulnerability illustrates the emerging security challenges tied to the rapid adoption of enterprise AI infrastructure.

CISA is strongly urging administrators to deploy vendor-issued patches immediately. Because threat actors continuously scan the internet for unpatched systems, delayed remediation significantly increases the risk of compromise.

Lisa Löw

Junior Editor

it-daily.net
