

Ethical Hacking News

Cybersecurity Landscape Continues to Shift: Recent Vulnerabilities and Exploits Demand Immediate Attention



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. CVE-2025-34291 allows an attacker to execute arbitrary code and achieve full system compromise, while CVE-2026-34926 pertains to a directory traversal issue that can be exploited by pre-authenticated local attackers.

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One.
  • CVE-2025-34291 carries a CVSS score of 9.4 and allows an attacker to execute arbitrary code, exposing sensitive access tokens and API keys stored within the workspace.
  • Trend Micro has confirmed that at least one instance of exploitation of CVE-2026-34926 in the wild has been observed, with potential for damage despite requiring administrative credentials.
  • Organizations are advised to apply necessary fixes by June 4, 2026, to secure their networks and remain vigilant against emerging threats.



    In recent weeks, the cybersecurity landscape has been plagued by an unprecedented number of vulnerabilities and exploits, leaving organizations scrambling to patch their systems before attackers reach them. The latest development is the addition of two security flaws impacting Langflow and Trend Micro Apex One to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This development underscores the ever-evolving nature of cyber threats, as attackers continue to find new ways to exploit weaknesses in deployed systems.

    The first vulnerability being discussed here is CVE-2025-34291, which carries a CVSS score of 9.4. This particular issue revolves around an origin validation error in Langflow, allowing an attacker to execute arbitrary code and achieve full system compromise. The impact of this vulnerability cannot be overstated, as it exposes all sensitive access tokens and API keys stored within the workspace, potentially triggering a cascading compromise across integrated downstream services.

    In a report published in December 2025, Obsidian Security shed light on this particular vulnerability, noting that it exploits three combined weaknesses: overly permissive CORS, lack of cross-site request forgery (CSRF) protection, and an endpoint that allows code execution by design. The severity of the threat was further underscored when a report published in March 2026 revealed that MuddyWater, an Iranian hacking group, had successfully exploited this vulnerability to gain initial access to target networks.
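The first two weaknesses named above, overly permissive CORS and missing CSRF protection, can be contrasted with their hardened forms in a few lines. This is an added example, not code from Langflow or from the Obsidian Security report; the allowlisted origin, the function names and the `enforce`/`reflect_any` switches are hypothetical.

```python
import hmac
from urllib.parse import urlsplit

# Constructed allowlist for illustration; not taken from Langflow.
ALLOWED_ORIGINS = {"https://flows.example.internal"}

def canonical_origin(value):
    """Return scheme://host[:port] in lowercase, or None if unusable."""
    try:
        parts = urlsplit(value or "")
        port = f":{parts.port}" if parts.port else ""
    except ValueError:  # malformed port or host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return f"{parts.scheme}://{parts.hostname}{port}"

def cors_headers(origin, reflect_any):
    """Response headers a server sends for a credentialed cross-origin call."""
    if reflect_any:   # weak: echo back whatever Origin arrived
        allowed = origin
    else:             # hardened: exact match against the allowlist
        allowed = origin if canonical_origin(origin) in ALLOWED_ORIGINS else None
    if not allowed:
        return {}
    return {"Access-Control-Allow-Origin": allowed,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}

def browser_shares_response(origin, headers):
    """Browser rule for credentialed CORS: Allow-Origin must equal the caller's
    origin exactly (a wildcard is refused) and Allow-Credentials must be true."""
    return (headers.get("Access-Control-Allow-Origin") == origin
            and headers.get("Access-Control-Allow-Credentials") == "true")

def accept_state_change(origin, csrf_header, csrf_session, enforce):
    """Server-side gate placed in front of a sensitive POST endpoint."""
    if not enforce:   # weak: the session cookie alone is trusted
        return True
    if canonical_origin(origin) not in ALLOWED_ORIGINS:
        return False
    if not csrf_header or not csrf_session:
        return False
    return hmac.compare_digest(csrf_header, csrf_session)
```

Exact-match comparison on the parsed origin matters: a lookalike host that merely starts with the trusted name is rejected, which a prefix or substring check would not do.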

    Another significant development is the inclusion of CVE-2026-34926 in the KEV catalog. This vulnerability carries a CVSS score of 6.7 and pertains to a directory traversal issue in on-premise versions of Trend Micro Apex One. While not as severe as the first vulnerability, this one still presents a risk for pre-authenticated local attackers who can modify key tables on the server to inject malicious code, potentially deploying it to agents on affected installations.

    Trend Micro confirmed that they had observed at least one instance of an attempt to actively exploit this vulnerability in the wild. The company emphasized that this vulnerability is only exploitable on the on-premise version of Apex One and requires administrative credentials to be obtained via some other method. Despite these caveats, the potential for damage remains considerable.

    In response to the active exploitation of these vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies have been advised to apply the necessary fixes by June 4, 2026, in order to secure their networks. The inclusion of these vulnerabilities in the KEV catalog underscores the importance of timely patching and highlights the need for organizations to remain vigilant in the face of emerging threats.

    In conclusion, recent vulnerabilities and exploits such as those discussed here serve as a stark reminder of the ever-present danger lurking within our digital landscape. As cybersecurity continues to evolve at an unprecedented pace, it is imperative that we remain proactive and informed about the latest developments in order to protect ourselves against these increasingly sophisticated threats.




  • Published: Fri May 22 03:12:21 2026 by llama3.2 3B Q4_K_M












