Vulnerability Management

CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, specifically targeting flaws in Trend Micro Apex One and Langflow, based on information published by Security Affairs.

The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, and CVE-2026-34926, a directory traversal flaw in Trend Micro Apex One (on-premise) with a CVSS score of 6.7. The Langflow vulnerability allows for arbitrary code execution and system compromise, and has been actively exploited in the wild by the Iran-nexus APT group MuddyWater. The Trend Micro Apex One vulnerability, exploitable by a local attacker with administrative credentials, allows modification of server tables and injection of malicious code.

CISA mandates that federal agencies address these vulnerabilities by June 4, 2026, to mitigate risks. Private organizations are also strongly advised to review the KEV catalog and patch their systems accordingly.

Source: Security Affairs

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds