VYPR
KEV · Published May 21, 2026 · 1 source

CISA Adds Langflow and Trend Micro Apex One Flaws to KEV Catalog

CISA has added CVE-2025-34291 (Langflow) and CVE-2026-34926 (Trend Micro Apex One) to its Known Exploited Vulnerabilities catalog due to active exploitation.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The newly listed flaws are CVE-2025-34291, an origin validation error in Langflow, and CVE-2026-34926, a directory traversal vulnerability in Trend Micro Apex One (On-Premise). Both vulnerabilities are being actively used by malicious cyber actors and pose significant risks to federal enterprise networks.

CVE-2025-34291 affects Langflow, an open-source low-code tool for building AI agents and RAG applications. The vulnerability is an origin validation error that could allow an attacker to bypass security checks and potentially execute unauthorized actions. Langflow has released patches in version 1.3.1 and later to address the flaw. Organizations running Langflow should update immediately to prevent exploitation.

CVE-2026-34926 is a directory traversal vulnerability in Trend Micro Apex One (On-Premise). This flaw could allow an attacker to read arbitrary files on the affected system, potentially exposing sensitive configuration data or credentials. Trend Micro has released a security patch for Apex One (On-Premise) to remediate the issue. Administrators are urged to apply the patch as soon as possible.

The addition of these vulnerabilities to the KEV Catalog is part of CISA's ongoing effort to track and prioritize vulnerabilities that are actively exploited in the wild. Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect their networks. While BOD 22-01 only applies to federal agencies, CISA strongly recommends that all organizations prioritize patching these vulnerabilities as part of their vulnerability management practices.

CISA will continue to add vulnerabilities to the KEV Catalog that meet the specified criteria, helping organizations focus their resources on the most critical threats. The agency emphasizes that timely remediation of known exploited vulnerabilities is one of the most effective ways to reduce cyber risk.

Synthesized by Vypr AI