CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Ravie LakshmananMay 22, 2026Vulnerability / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerabilities in question are listed below -

CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could allow an attacker to execute arbitrary code and achieve full system compromise.

CVE-2026-34926 (CVSS score: 6.7) - A directory traversal vulnerability in on-premise versions of Trend Micro Apex One that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Other newsrooms on this story

Related reading

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Trend Micro Apex One und Langflow: Warnung vor Angriffen

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CISA flags data-theft bug in NSA-built OT networking tool

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege…

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities