The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, specifically targeting flaws in Trend Micro Apex One and Langflow, based on information published by Security Affairs.The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, and CVE-2026-34926, a directory traversal flaw in Trend Micro Apex One (on-premise) with a CVSS score of 6.7. The Langflow vulnerability allows for arbitrary code execution and system compromise, and has been actively exploited in the wild by the Iran-nexus APT group MuddyWater. The Trend Micro Apex One vulnerability, exploitable by a local attacker with administrative credentials, allows modification of server tables and injection of malicious code.CISA mandates that federal agencies address these vulnerabilities by June 4, 2026, to mitigate risks. Private organizations are also strongly advised to review the KEV catalog and patch their systems accordingly.Source: Security Affairs
Vulnerability Management
CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


