Critical Chain‑Reaction Vulnerabilities in Langflow (CVE‑2025‑34291) and Trend Micro Apex One (CVE‑2026‑34926) Added to CISA KEV Catalog
What It Is – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed two high‑risk flaws into its Known Exploited Vulnerabilities (KEV) catalog: an origin‑validation error in the open‑source LLM workflow platform Langflow (CVE‑2025‑34291, CVSS 9.4) and a directory‑traversal issue in Trend Micro Apex One (on‑premise) (CVE‑2026‑34926, CVSS 6.7).
Exploitability – Both vulnerabilities are confirmed to be actively exploited in the wild. MuddyWater (an Iran‑linked APT) is leveraging CVE‑2025‑34291 to achieve initial access, while Trend Micro reports at least one real‑world exploitation attempt of CVE‑2026‑34926.
Affected Products –
- Langflow – any on‑premise or self‑hosted deployment of the Langflow workflow engine.
- Trend Micro Apex One (on‑premise) – server component of the endpoint‑protection suite.
TPRM Impact –
- Compromise of a Langflow instance can expose all stored API keys, tokens, and downstream SaaS credentials, creating a cascade of supply‑chain risk for any third‑party services integrated with the compromised workspace.
- Exploitation of Apex One can allow a privileged local attacker to inject malicious code into agents, potentially pivoting to broader network assets if the attacker already possesses admin credentials.
Recommended Actions –
- Patch immediately – apply the vendor‑released fixes for CVE‑2025‑34291 (Langflow) and CVE‑2026‑34926 (Apex One).
- Validate CORS/CSRF controls on Langflow deployments; enforce strict origin lists and enable CSRF tokens.
- Review and rotate all API keys, tokens, and service‑account credentials stored in Langflow workspaces.
- Audit local admin access to Apex One servers; enforce least‑privilege and MFA for administrative accounts.
- Update third‑party risk registers to flag any suppliers that rely on Langflow or Apex One as a security control layer.
Source: Security Affairs