{"id":252283,"date":"2026-05-22T05:46:00","date_gmt":"2026-05-22T09:46:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-05-22T06:35:20","modified_gmt":"2026-05-22T10:35:20","slug":"u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-22 05:46:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 22, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg?fit=700%2C368&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog.<\/h2>\n<p class=\"wp-block-paragraph\">The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p class=\"wp-block-paragraph\">Below are the flaws added to the catalog:<\/p>\n<ul class=\"wp-block-list\">\n<li>CVE-2025-34291\u00a0Langflow Origin Validation Error Vulnerability<\/li>\n<li>CVE-2026-34926\u00a0Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">CVE-2025-34291\u00a0(CVSS score of 9.4) is an origin validation error issue in Langflow, An attacker can exploit the flaw to execute arbitrary code and achieve full system compromise.<\/p>\n<p class=\"wp-block-paragraph\">A report published by Obsidian Security back in December 2025 laid out exactly why CVE-2025-34291 is as dangerous as it sounds. The vulnerability chains three separate weaknesses together: overly permissive CORS settings, missing CSRF protection, and an endpoint that is designed to execute code, meaning an attacker does not need to find a clever bypass, they just need to reach something that was built to run code in the first place.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments,\u201d Obsidian noted at the time.<\/p>\n<p class=\"wp-block-paragraph\">In March 2026, Ctrl-Alt-Intel published a report documenting active exploitation of CVE-2025-34291 by MuddyWater, an Iran-nexus APT group, which used the vulnerability to gain initial access to target networks. When a nation-state actor is actively using something in real intrusions, the conversation shifts&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog&#8230;<\/p>\n","protected":false},"author":1,"featured_media":252284,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-252283","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252283"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=252283"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252283\/revisions"}],"predecessor-version":[{"id":252285,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252283\/revisions\/252285"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/252284"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=252283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=252283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=252283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}