VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CISA added Langflow and Trend Micro Apex One to KEV

CISA добавила в KEV уязвимости Langflow и Trend Micro Apex One

Colleagues, a cybersecurity alert: CISA has added two exploitable vulnerabilities to the KEV catalog — Langflow and Trend Micro Apex One.

- CVE-2025-34291 (Langflow): origin validation flaw enabling RCE; a combination of permissive CORS, missing CSRF protection and a vulnerable endpoint can compromise tokens and keys.
- CVE-2026-34926 (Apex One on-prem): directory traversal allowing modification of the server database table to inject code; Trend Micro observed exploitation attempts, though server access and admin credentials are required.

Federal agencies must remediate by 4 June 2026. I recommend auditing on-prem instances, reviewing accounts, and applying patches.

Why it matters: successful exploitation enables full system compromise.

What steps will you take?

#cybersecurity #vulnerabilities #CISA #patches

Latest comments

No comments yet.