HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Origin Validation Flaw in Langflow (CVE‑2025‑34291) and Trend Micro Apex One Added to CISA KEV Catalog – Active Exploitation Threatens Enterprise Workflows and Endpoint Security

CISA has listed two actively‑exploited vulnerabilities—Langflow’s CVE‑2025‑34291 and a remote‑code‑execution bug in Trend Micro Apex One—in its KEV catalog. Both affect critical AI‑workflow and endpoint‑security tools, raising supply‑chain risk for organizations that rely on these third‑party solutions.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 thehackernews.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
thehackernews.com

Critical Origin Validation Flaw in Langflow (CVE‑2025‑34291) and Trend Micro Apex One Added to CISA KEV Catalog – Active Exploitation Threatens Enterprise Workflows and Endpoint Security

What It Is — CISA has placed two actively‑exploited flaws into its Known Exploited Vulnerabilities (KEV) list: an origin‑validation error in the open‑source LLM workflow platform Langflow (CVE‑2025‑34291, CVSS 9.4) and a remote‑code‑execution issue in Trend Micro Apex One, a widely‑deployed endpoint‑security suite. Both bugs allow unauthenticated attackers to bypass security controls and execute arbitrary code on vulnerable hosts.

Exploitability — Proof‑of‑concept exploits have been observed in the wild for both flaws; CISA’s advisory cites active exploitation campaigns targeting organizations that integrate Langflow into internal AI pipelines or deploy Apex One on endpoint fleets.

Affected Products

  • Langflow – open‑source LLM orchestration tool (various self‑hosted deployments).
  • Trend Micro Apex One – endpoint protection platform (Windows, macOS, Linux agents).

TPRM Impact – Supply‑chain risk is elevated because many third‑party SaaS providers embed Langflow in their AI services, and Apex One is often a mandated security layer for downstream vendors. A breach in either product can cascade to partner ecosystems, exposing data and disrupting operations.

Recommended Actions

  • Patch Immediately – Apply the vendor‑released fixes for CVE‑2025‑34291 (Langflow) and the Apex One vulnerability; verify patch deployment across all environments.
  • Segmentation – Isolate Langflow instances from critical internal networks and enforce strict origin‑validation controls until patches are confirmed.
  • Endpoint Review – Conduct an inventory of all devices running Apex One; ensure the latest agent version and enable automatic update policies.
  • Third‑Party Risk Review – Re‑assess any suppliers or SaaS services that rely on Langflow or Apex One; request evidence of remediation and update contractual security clauses.
  • Monitoring – Deploy IDS/IPS signatures for known exploit traffic and enable CISA‑recommended KEV alerts in your SIEM.

Source: The Hacker News – CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

📰 Original Source
https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →