Two Actively Exploited Vulnerabilities (CVE‑2025‑34291, CVE‑2026‑34926) Threaten Langflow and Trend Micro Apex One
What It Is — CISA added CVE‑2025‑34291 (Langflow origin‑validation error) and CVE‑2026‑34926 (Trend Micro Apex One directory‑traversal) to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that threat actors are actively leveraging both flaws in the wild. Both vulnerabilities permit unauthenticated attackers to bypass security controls, leading to arbitrary code execution or arbitrary file read.
Exploitability — Active exploitation confirmed by CISA; public PoCs exist for the Langflow issue, and Trend Micro reports observed exploitation attempts. CVSS v3.1 scores: CVE‑2025‑34291 = 8.8 (High), CVE‑2026‑34926 = 7.5 (High).
Affected Products — Langflow (open‑source LLM UI framework) and Trend Micro Apex One (on‑premise endpoint protection suite).
TPRM Impact — Third‑party risk is heightened for organizations that embed Langflow in customer‑facing applications or rely on Trend Micro Apex One for endpoint security. A successful compromise could enable data exfiltration, ransomware deployment, or supply‑chain contamination affecting downstream partners.
Recommended Actions —
- Deploy vendor‑issued patches or mitigations for both CVEs immediately.
- Run targeted scans to identify any Langflow instances or Apex One agents in your environment.
- Elevate KEV catalog items to top‑priority remediation in your vulnerability‑management program.
- Verify that any third‑party services or SaaS offerings that incorporate Langflow are also patched.
Source: CISA Advisory – May 21 2026