Overview
- CISA on Friday, May 22, 2026 added CVE-2025-34291 (Langflow) and CVE-2026-34926 (Trend Micro Apex One) to its Known Exploited Vulnerabilities catalog after evidence showed both flaws were used or probed in the wild.
- The Langflow flaw is an origin validation error scored 9.4 that chains permissive CORS, missing CSRF protection, and a code‑execution endpoint to allow arbitrary code execution and full system compromise.
- Security reports link Langflow exploitation to the Iranian group MuddyWater and warn that exposed workspace tokens and API keys can let attackers move from a single Langflow instance into integrated cloud and SaaS services.
- TrendAI said the Apex One issue is a medium‑severity directory traversal that affects only on‑prem servers and requires attacker access to the Apex One server with admin credentials, and the company released a patch after observing at least one exploit attempt.
- Federal agencies must apply fixes by June 4, 2026, and organizations should install patches, review admin access and remote‑access policies, and audit stored tokens and API keys to reduce the risk of cascading breaches.