U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-05-22 05:46:00
Source Domain: securityaffairs.com
Pierluigi Paganini
May 22, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the flaws added to the catalog:
- CVE-2025-34291 Langflow Origin Validation Error Vulnerability
- CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
CVE-2025-34291 (CVSS score of 9.4) is an origin validation error in Langflow. An attacker can exploit the flaw to execute arbitrary code and achieve full system compromise.
A report published by Obsidian Security back in December 2025 laid out exactly why CVE-2025-34291 is as dangerous as it sounds. The vulnerability chains three separate weaknesses together: overly permissive CORS settings, missing CSRF protection, and an endpoint that is designed to execute code. An attacker does not need to find a clever bypass; they just need to reach something that was built to run code in the first place.
“The impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments,” Obsidian noted at the time.
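The two request-side weaknesses in that chain, permissive CORS and missing CSRF protection, can be contrasted with a hardened gate in a few lines. This is an added example, not code from Langflow, Obsidian or the original article; `ALLOWED_ORIGINS`, the function names and the sample origins are assumptions made for illustration.

```python
# Added example: strict Origin validation plus a CSRF token check.
# All names and values are constructed; none are Langflow settings.
import hmac
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://app.example.internal"}  # constructed allowlist
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def weak_cors_headers(origin):
    """Permissive pattern: echo any Origin back and allow credentials."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def origin_is_trusted(origin):
    """Exact match on scheme://host[:port]; no wildcard, substring or 'null'."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False  # an Origin header never carries these components
    normalized = f"https://{parts.hostname}"
    if port and port != 443:
        normalized += f":{port}"
    return normalized in ALLOWED_ORIGINS


def strict_cors_headers(origin):
    """Emit CORS headers only for allowlisted origins."""
    if not origin_is_trusted(origin):
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true", "Vary": "Origin"}


def request_permitted(method, origin, cookie_token, header_token):
    """Gate for state-changing requests such as a code-execution endpoint."""
    if method.upper() in SAFE_METHODS:
        return True
    if not origin_is_trusted(origin) or not cookie_token or not header_token:
        return False
    # Double-submit CSRF check: the header value must equal the cookie value.
    return hmac.compare_digest(cookie_token, header_token)
```

The double-submit token is one CSRF defence among several; it is used here because it needs no server-side state.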
In March 2026, Ctrl-Alt-Intel published a report documenting active exploitation of CVE-2025-34291 by MuddyWater, an Iran-nexus APT group, which used the vulnerability to gain initial access to target networks. When a nation-state actor is actively using something in real intrusions, the conversation shifts…