{"id":219227,"date":"2026-05-24T03:15:09","date_gmt":"2026-05-24T07:15:09","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-05-24T03:15:12","modified_gmt":"2026-05-24T07:15:12","slug":"u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/192529\/hacking\/u-s-cisa-adds-trend-micro-apex-one-and-langflow-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: 2026-05-22 05:13:30<\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><strong>Summary:<\/strong><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities catalog to include two critical flaws in Langflow and the on-premises version of Trend Micro&#8217;s Apex One security product. The first addition is CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4 that allows attackers to execute arbitrary code and gain complete system control. 
The issue is exacerbated by weak configurations and weak CSRF protections, and its exploitation by the MuddyWater group makes it an imminent threat. Another critical addition is CVE-2026-34926, a directory traversal vulnerability in on-premises Trend Micro Apex One with a CVSS score of 6.7 that allows attackers to modify system tables and inject malicious code if they already have administrative access to the server. The flaws underscore the pressing need for organizations to fortify their defenses against these vulnerabilities, in line with CISA\u2019s Binding Operational Directive 22-01. In response, CISA has mandated that federal agencies, like all FCEB entities, mitigate these threats by June 4, 2026.<\/p>\n<p><strong>Key Points:<\/strong><\/p>\n<ul>\n<li>CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One on-premises.<\/li>\n<li>CVE-2025-34291 allows arbitrary code execution and poses significant risks; it has been leveraged by the MuddyWater APT group.<\/li>\n<li>CVE-2026-34926 enables directory traversal, allowing potentially severe modifications by attackers who already have access to an administrative credential.<\/li>\n<li>Federal entities have until June 4, 2026, to remediate these vulnerabilities in compliance with CISA\u2019s Binding Operational Directive (BOD) 22-01.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. 
CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219228,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-219227","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219227"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219227"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219227\/revisions"}],"predecessor-version":[{"id":219229,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219227\/revisions\/219229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219228"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{r
el}","templated":true}]}}