HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Two Actively Exploited Vulnerabilities (CVE-2025-34291, CVE-2026-34926) Threaten Langflow and Trend Micro Apex One

CISA added CVE‑2025‑34291 (Langflow) and CVE‑2026‑34926 (Trend Micro Apex One) to its KEV catalog after confirming active exploitation. Both flaws enable unauthenticated code execution or file access, raising supply‑chain and endpoint‑security risk for organizations that use these products.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

Two Actively Exploited Vulnerabilities (CVE‑2025‑34291, CVE‑2026‑34926) Threaten Langflow and Trend Micro Apex One

What It Is — CISA added CVE‑2025‑34291 (Langflow origin‑validation error) and CVE‑2026‑34926 (Trend Micro Apex One directory‑traversal) to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that threat actors are actively leveraging both flaws in the wild. Both vulnerabilities permit unauthenticated attackers to bypass security controls, leading to arbitrary code execution or arbitrary file read.

Exploitability — Active exploitation confirmed by CISA; public PoCs exist for the Langflow issue, and Trend Micro reports observed exploitation attempts. CVSS v3.1 scores: CVE‑2025‑34291 = 8.8 (High), CVE‑2026‑34926 = 7.5 (High).

Affected Products — Langflow (open‑source LLM UI framework) and Trend Micro Apex One (on‑premise endpoint protection suite).

TPRM Impact — Third‑party risk is heightened for organizations that embed Langflow in customer‑facing applications or rely on Trend Micro Apex One for endpoint security. A successful compromise could enable data exfiltration, ransomware deployment, or supply‑chain contamination affecting downstream partners.

Recommended Actions

  • Deploy vendor‑issued patches or mitigations for both CVEs immediately.
  • Run targeted scans to identify any Langflow instances or Apex One agents in your environment.
  • Elevate KEV catalog items to top‑priority remediation in your vulnerability‑management program.
  • Verify that any third‑party services or SaaS offerings that incorporate Langflow are also patched.

Source: CISA Advisory – May 21 2026

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/05/21/cisa-adds-two-known-exploited-vulnerabilities-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →