HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Chain‑Reaction Vulnerabilities in Langflow (CVE‑2025‑34291) and Trend Micro Apex One (CVE‑2026‑34926) Added to CISA KEV Catalog

CISA has added a critical Langflow origin‑validation bug (CVSS 9.4) and a moderate Trend Micro Apex One directory‑traversal flaw (CVSS 6.7) to its Known Exploited Vulnerabilities catalog. Both are actively exploited, threatening SaaS integrations and on‑premise endpoint protection, and demand immediate remediation for third‑party risk managers.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
securityaffairs.com

Critical Chain‑Reaction Vulnerabilities in Langflow (CVE‑2025‑34291) and Trend Micro Apex One (CVE‑2026‑34926) Added to CISA KEV Catalog

What It Is – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed two high‑risk flaws into its Known Exploited Vulnerabilities (KEV) catalog: an origin‑validation error in the open‑source LLM workflow platform Langflow (CVE‑2025‑34291, CVSS 9.4) and a directory‑traversal issue in Trend Micro Apex One (on‑premise) (CVE‑2026‑34926, CVSS 6.7).

Exploitability – Both vulnerabilities are confirmed to be actively exploited in the wild. MuddyWater (an Iran‑linked APT) is leveraging CVE‑2025‑34291 to achieve initial access, while Trend Micro reports at least one real‑world exploitation attempt of CVE‑2026‑34926.

Affected Products

  • Langflow – any on‑premise or self‑hosted deployment of the Langflow workflow engine.
  • Trend Micro Apex One (on‑premise) – server component of the endpoint‑protection suite.

TPRM Impact

  • Compromise of a Langflow instance can expose all stored API keys, tokens, and downstream SaaS credentials, creating a cascade of supply‑chain risk for any third‑party services integrated with the compromised workspace.
  • Exploitation of Apex One can allow a privileged local attacker to inject malicious code into agents, potentially pivoting to broader network assets if the attacker already possesses admin credentials.

Recommended Actions

  • Patch immediately – apply the vendor‑released fixes for CVE‑2025‑34291 (Langflow) and CVE‑2026‑34926 (Apex One).
  • Validate CORS/CSRF controls on Langflow deployments; enforce strict origin lists and enable CSRF tokens.
  • Review and rotate all API keys, tokens, and service‑account credentials stored in Langflow workspaces.
  • Audit local admin access to Apex One servers; enforce least‑privilege and MFA for administrative accounts.
  • Update third‑party risk registers to flag any suppliers that rely on Langflow or Apex One as a security control layer.

Source: Security Affairs

📰 Original Source
https://securityaffairs.com/192529/hacking/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →