The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a significant alert regarding two critical security vulnerabilities impacting Langflow and Trend Micro Apex One. These vulnerabilities have been added to the agency’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of their active exploitation. This move underscores the urgent need for federal agencies to address these security flaws promptly.
Details of the Langflow and Trend Micro Vulnerabilities
CISA highlighted two specific vulnerabilities. The first, identified as CVE-2025-34291, is a critical origin validation error in Langflow with a CVSS score of 9.4. This flaw permits attackers to execute arbitrary code, potentially leading to a complete system compromise. The second vulnerability, CVE-2026-34926, affects on-premises versions of Trend Micro Apex One and scores 6.7 on the CVSS scale. It enables a directory traversal attack that allows malicious code injection by a pre-authenticated local attacker.
Reports and Potential Exploitation
According to a December 2025 report by Obsidian Security, the Langflow vulnerability exploits a combination of three weaknesses: overly permissive CORS, absence of CSRF protection, and an inherently exploitable endpoint. This security flaw not only compromises the Langflow instance but also risks the exposure of sensitive access tokens and API keys, potentially affecting integrated cloud and SaaS services. Additionally, Ctrl-Alt-Intel reported in March 2026 that the MuddyWater group, linked to Iran, has exploited this vulnerability for initial network access.
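For defenders reviewing their own deployments, the following added example (not taken from the Obsidian Security report or from Langflow's code) audits recorded request/response pairs for the first two weaknesses named above: CORS that trusts an unlisted origin with credentials, and a state-changing request accepted without a CSRF token. The record layout, the allow-list, the `X-CSRF-Token` header name and all hosts are assumptions made for illustration; the third weakness, the endpoint itself, is out of scope here.

```python
"""Added example: flag permissive CORS combined with missing CSRF checks
in recorded request/response pairs. All hosts and records are constructed."""

TRUSTED_ORIGINS = {"https://flows.example.internal"}  # hypothetical allow-list
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def audit(record):
    """Return the set of findings for one recorded request/response pair."""
    req = {k.lower(): v for k, v in record["request_headers"].items()}
    resp = {k.lower(): v.strip() for k, v in record["response_headers"].items()}
    origin = req.get("origin")
    acao = resp.get("access-control-allow-origin")
    with_creds = resp.get("access-control-allow-credentials", "").lower() == "true"
    untrusted = bool(origin) and origin not in TRUSTED_ORIGINS
    findings = set()

    if untrusted and acao in (origin, "*"):
        # The server tells the browser an unlisted origin may read the response.
        findings.add("cors-allows-untrusted-origin")
        # Browsers reject "*" on credentialed requests, so only an echoed
        # origin plus Allow-Credentials exposes authenticated responses.
        if acao == origin and with_creds:
            findings.add("cors-credentialed-reflection")

    accepted = 200 <= record["status"] < 300
    has_token = "x-csrf-token" in req  # header name is an assumption
    if untrusted and record["method"] in STATE_CHANGING and accepted and not has_token:
        findings.add("state-change-without-csrf-check")
    return findings


def chain_present(records):
    """True when both halves of the combination appear across the records."""
    seen = set().union(*map(audit, records))
    return {"cors-credentialed-reflection", "state-change-without-csrf-check"} <= seen


# Constructed records: a permissive deployment and a corrected one.
WEAK = [{"method": "POST", "status": 200,
         "request_headers": {"Origin": "https://unlisted.example"},
         "response_headers": {"Access-Control-Allow-Origin": "https://unlisted.example",
                              "Access-Control-Allow-Credentials": "true"}}]
HARDENED = [{"method": "POST", "status": 403,
             "request_headers": {"Origin": "https://unlisted.example"},
             "response_headers": {}}]

if __name__ == "__main__":
    print(chain_present(WEAK), chain_present(HARDENED))
```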
Response and Mitigation Measures
Trend Micro has acknowledged that CVE-2026-34926 is actively being targeted, noting that exploitation requires access to the Apex One server with administrative credentials. This vulnerability is specific to on-premises deployments, emphasizing the need for rigorous access controls. In response to these threats, Federal Civilian Executive Branch (FCEB) agencies have been mandated to implement the necessary patches by June 4, 2026, to secure their infrastructure against these vulnerabilities.
The addition of these vulnerabilities to CISA’s KEV catalog highlights the critical nature of these security risks and the importance of timely mitigation to prevent potential exploitation. As cyber threats continue to evolve, maintaining robust security measures is essential to protect sensitive systems and data.
