KEV catalog update includes Langflow RCE and Trend Micro Apex One directory traversal flaws under active exploitation

Timeline

1. 22.05.2026 08:47 1 articles · 12h ago

   CISA KEV update includes Langflow RCE and Trend Micro Apex One directory traversal flaws under active exploitation

   CISA added CVE-2025-34291 (Langflow origin validation error, CVSS 9.4) and CVE-2026-34926 (Trend Micro Apex One directory traversal, CVSS 6.7) to the KEV catalog due to active exploitation. CVE-2025-34291 allows arbitrary code execution and full system compromise via three weaknesses: overly permissive CORS, lack of CSRF protection, and a code-execution endpoint, exposing sensitive tokens and enabling cascading compromises. CVE-2026-34926 permits pre-authenticated local attackers with administrative server access to inject malicious code deployable to agents in on-premise Apex One installations. MuddyWater exploited CVE-2025-34291 for initial access, while Trend Micro observed exploitation attempts for CVE-2026-34926 in the wild. FCEB agencies must remediate by June 4, 2026.

   Show sources

   • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

   Open in new tab

Information Snippets

• CVE-2025-34291 is an origin validation error in Langflow (CVSS 9.4) enabling arbitrary code execution and full system compromise.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• CVE-2025-34291 exploits three combined weaknesses: overly permissive CORS, absence of CSRF protection, and an endpoint designed for code execution.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• Successful exploitation of CVE-2025-34291 compromises the Langflow instance and exposes all sensitive access tokens and API keys stored in the workspace, enabling cascading compromises across integrated cloud and SaaS services.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• CVE-2026-34926 is a directory traversal vulnerability in on-premise Trend Micro Apex One versions (CVSS 6.7) allowing pre-authenticated local attackers to modify a key table on the server and inject malicious code deployable to agents.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• CVE-2026-34926 exploitation requires administrative credentials to the Apex One server and access to the Apex One Server.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• MuddyWater, an Iranian hacking group, has exploited CVE-2025-34291 to obtain initial access to target networks.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• Trend Micro observed at least one instance of active exploitation attempts for CVE-2026-34926 in the wild.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47

• FCEB agencies are mandated to apply fixes for both vulnerabilities by June 4, 2026.

  First reported: 22.05.2026 08:47
  1 source, 1 article
  Show sources

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47