The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added two flaws affecting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, including CVE-2025-34291, a high-severity Langflow issue rated 9.4.
KEY FACTS
- Langflow flaw CVE-2025-34291 can allow arbitrary code execution and full system compromise.
- Trend Micro flaw CVE-2026-34926 affects on-premise Apex One and is rated 6.7.
- Observed activity: Trend Micro said it had seen at least one attempt to exploit the Apex One issue in the wild.
- Deadline: Federal civilian executive branch agencies must apply fixes by June 4, 2026.
A technical analysis from Obsidian Security said the Langflow issue combines overly permissive CORS, missing CSRF protection and an endpoint that allows code execution by design. The report said successful exploitation could expose sensitive access tokens and API keys stored in the workspace.
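For defenders who want to check their own deployments for the CORS and cross-site request pattern described above, the following added example (not code from Obsidian Security, CISA or Langflow) audits captured response headers. It assumes you sent a request with an Origin you do not trust; the function names, finding labels and sample header values are all constructed for illustration.

```python
# Added example: flag the CORS + cross-site cookie combination from captured headers.
# Inputs are headers you recorded from your own server; nothing here sends traffic.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {attribute: value}) with lowercase keys."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip().lower()
    return name, attrs

def audit(probe_origin, headers, set_cookie):
    """Return findings for a response to a request sent with Origin: probe_origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        findings.append("cors-wildcard-origin")
    reflects = acao == probe_origin  # server trusts an origin it should not
    if reflects:
        findings.append("cors-trusts-probe-origin")
    _, attrs = parse_set_cookie(set_cookie)
    samesite = attrs.get("samesite", "")
    if samesite == "none":
        findings.append("cookie-samesite-none")
    elif samesite == "":
        findings.append("cookie-samesite-unset")  # behaviour then depends on the browser
    # Worst case: other sites can send the session cookie and read the reply.
    if reflects and creds and samesite == "none":
        findings.append("credentialed-cross-site-requests-allowed")
    return findings

PROBE = "https://untrusted.example"  # constructed origin
WEAK = ({"Access-Control-Allow-Origin": PROBE,
         "Access-Control-Allow-Credentials": "true"},
        "session=abc; Path=/; Secure; HttpOnly; SameSite=None")
HARDENED = ({"Vary": "Origin"},  # no CORS grant for the untrusted origin
            "session=abc; Path=/; Secure; HttpOnly; SameSite=Strict")

if __name__ == "__main__":
    print("weak:    ", audit(PROBE, *WEAK))
    print("hardened:", audit(PROBE, *HARDENED))
```

A clean result only covers these two headers; whether state-changing endpoints also require a CSRF token has to be verified separately.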
In March 2026, another report said the Langflow flaw had been used by the Iranian hacking group MuddyWater to gain initial access to target networks. For the Trend Micro issue, the disclosure said exploitation is limited to the on-premise version of Apex One and requires access to the server and administrative credentials already obtained by some other method.
CISA’s addition puts the vulnerabilities on a watchlist that federal agencies are required to address on a short timeline. The designation also signals that defenders should prioritize patching exposed Langflow and Apex One installations and review whether either product has already been targeted.
WHY IT MATTERS
Both flaws are tied to active exploitation, which increases the risk that unpatched systems could be compromised. The catalog entry also gives federal agencies a set deadline, while private-sector operators can use the same signal to accelerate remediation and incident checks.

