CISA added Langflow and Trend Micro Apex One to KEV

Colleagues, a cybersecurity alert: CISA has added two exploitable vulnerabilities to the KEV catalog — Langflow and Trend Micro Apex One.
- CVE-2025-34291 (Langflow): origin validation flaw enabling RCE; a combination of permissive CORS, missing CSRF protection and a vulnerable endpoint can compromise tokens and keys.
- CVE-2026-34926 (Apex One on-prem): directory traversal allowing modification of the server database table to inject code; Trend Micro observed exploitation attempts, though server access and admin credentials are required.
Federal agencies must remediate by 4 June 2026. I recommend auditing on-prem instances, reviewing accounts, and applying patches.
Why it matters: successful exploitation enables full system compromise.
What steps will you take?
#cybersecurity #vulnerabilities #CISA #patches


Latest comments
No comments yet.