{"id":1011,"date":"2026-05-22T07:16:57","date_gmt":"2026-05-22T07:16:57","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1011"},"modified":"2026-05-22T07:16:57","modified_gmt":"2026-05-22T07:16:57","slug":"cisa-adds-exploited-langflow-and-trend-micro-apex-one-vulnerabilities-to-kev","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1011","title":{"rendered":"CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">May 22, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Cyber Attack<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi04a_rowIzNPvHHvDTUE34d3bZlOhBeQXtC0UdXyjlf988G4zVE89QKWqSWASKd2LD0T8O2XhkDVgG7UGFIxlpvQWHPx-o_X7vfMK5fH4uSDg3eSUDAaWKtgresEyD9JpINkxtdELWn-qiv6usoLgwSlYNi89xJeVBwYYsCF2y-KKNz0x04KS0PeDPL57J\/s1700-e365\/cisa-kev-flaws.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/05\/21\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">added<\/a> two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>) catalog, citing evidence of active exploitation.<\/p>\n<p>The vulnerabilities in question are listed below &#8211;<\/p>\n<ul>\n<li><b><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-34291\" target=\"_blank\">CVE-2025-34291<\/a><\/b> (CVSS score: 9.4) &#8211; An origin validation error vulnerability in Langflow that could allow an attacker to execute arbitrary code and achieve full system compromise.<\/li>\n<li><b><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-34926\" target=\"_blank\">CVE-2026-34926<\/a><\/b> (CVSS score: 6.7) &#8211; A directory traversal vulnerability in on-premise versions of Trend Micro Apex One that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.<\/li>\n<\/ul>\n<p>In a report published in December 2025, Obsidian Security said CVE-2025-34291 exploits three combined weaknesses: overly Permissive CORS, lack of cross-site request forgery (CSRF) protection, and an endpoint that allows code execution by design.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>\u00abThe impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace,\u00bb the company <a href=\"https:\/\/www.obsidiansecurity.com\/blog\/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform\" target=\"_blank\">noted<\/a> at the time. \u00abThis can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments.\u00bb<\/p>\n<p>In a report published in March 2026, Ctrl-Alt-Intel said the vulnerability had been exploited by an Iranian hacking group named MuddyWater to obtain initial access to target networks.<\/p>\n<p>As for CVE-2026-34926, Trend Micro <a href=\"https:\/\/success.trendmicro.com\/en-US\/solution\/KA-0023430\" target=\"_blank\">said<\/a> it \u00abobserved at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.\u00bb<\/p>\n<p>\u00abThis vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability,\u00bb it added.<\/p>\n<p>In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by June 4, 2026, to secure their networks.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802May 22, 2026Vulnerability \/ Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1012,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[200,1763,62,128,203,796,1762,1761,474],"class_list":["post-1011","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-adds","tag-apex","tag-cisa","tag-exploited","tag-kev","tag-langflow","tag-micro","tag-trend","tag-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1011"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1011\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1012"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}