CISA Updates KEV Catalog with Exploited Langflow and Trend Micro Apex One Vulnerabilities


Key Takeaways

  • CISA added two actively exploited flaws—CVE‑2025‑34291 (Langflow) and CVE‑2026‑34926 (Trend Micro Apex One)—to its Known Exploited Vulnerabilities (KEV) catalog.
  • The Langflow vulnerability (CVSS 9.4) stems from an origin‑validation error that can be chained with permissive CORS, missing CSRF protection, and a built‑in code‑execution endpoint, enabling full system compromise and leakage of sensitive tokens.
  • Iranian state‑sponsored group MuddyWater has been observed using CVE‑2025‑34291 to gain initial access to target networks.
  • The Trend Micro flaw (CVSS 6.7) is a directory‑traversal issue affecting on‑premise Apex One servers; exploitation requires pre‑authenticated local access and administrative credentials already obtained via another vector.
  • Trend Micro confirmed at least one real‑world exploitation attempt of CVE‑2026‑34926.
  • Federal Civilian Executive Branch (FCEB) agencies must remediate both vulnerabilities by June 4, 2026, the deadline that applies to KEV entries under CISA’s Binding Operational Directive (BOD) 22‑01.

Overview of CISA’s KEV Update
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of two security flaws in its Known Exploited Vulnerabilities (KEV) catalog. The agency cited concrete evidence of active exploitation in the wild as the basis for adding these entries. The KEV list serves as a prioritized guide for federal agencies and critical‑infrastructure operators to focus patching efforts on vulnerabilities that attackers are already leveraging. By highlighting CVE‑2025‑34291 and CVE‑2026‑34926, CISA aims to accelerate remediation across Federal Civilian Executive Branch (FCEB) networks and encourage broader adoption of defensive measures in the private sector.


Details of CVE‑2025‑34291 in Langflow
CVE‑2025‑34291 carries a CVSS v3.1 base score of 9.4, reflecting critical severity. The flaw originates from an origin‑validation error within Langflow, a popular low‑code platform for building LLM‑agent and retrieval‑augmented workflows. When exploited, the vulnerability permits an attacker to execute arbitrary code on the underlying server, potentially leading to full system compromise. The issue is exacerbated by a combination of weak cross‑origin resource sharing (CORS) settings, the absence of cross‑site request forgery (CSRF) protections, and an intentionally exposed endpoint that executes code by design. Together, these weaknesses form an attack chain that can be driven remotely from an attacker‑controlled web page; the only victim involvement is that a browser able to reach the Langflow instance loads that page.


Impact Assessment from Obsidian Security
In a December 2025 report, Obsidian Security detailed how CVE‑2025‑34291 can be weaponized. The analysts noted that the overly permissive CORS configuration allows malicious web pages to send requests to the Langflow instance from arbitrary origins. Coupled with missing CSRF tokens, an attacker can craft a request that the server trusts as legitimate. The vulnerable endpoint, intended for internal workflow scripting, then executes the supplied payload. Successful exploitation not only grants the attacker control over the Langflow server but also exposes all stored access tokens, API keys, and credentials used by integrated services. This leakage can trigger a cascading compromise across downstream cloud and SaaS applications that rely on those secrets for authentication.
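The chain described above rests on the server trusting requests from origins it should not. The following is an added example, not Langflow’s code or anything from the Obsidian report: it places the two weak patterns (a reflected Origin with credentials, and a substring origin check) beside a strict origin comparison and a CSRF gate for a state‑changing endpoint. The deployment origin, the `X-Requested-With` value and both sample requests are assumptions constructed for the example.

```python
"""Origin validation and CSRF gating for a browser-facing API.

Added illustration, not Langflow's code. It models the general pattern the
report describes (a foreign web page whose requests the server trusts); the
deployment origin, endpoint and header names below are assumptions.
"""
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://langflow.internal.example"}  # assumed UI origin


def weak_cors_headers(request_origin: str) -> dict:
    """Vulnerable pattern: reflect any Origin and allow credentials, so a page on
    attacker.example can read authenticated responses from the API."""
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def weak_origin_check(request_origin: str) -> bool:
    """Vulnerable pattern: substring match. A host the attacker controls that
    merely contains the trusted name passes."""
    return "langflow.internal.example" in request_origin


def strict_origin_check(request_origin: Optional[str]) -> bool:
    """Exact scheme://host[:port] comparison; rejects absent, 'null' and
    malformed Origin values (paths, query strings, userinfo)."""
    if not request_origin or request_origin == "null":
        return False
    parts = urlsplit(request_origin)
    if parts.scheme != "https" or not parts.netloc:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    return f"{parts.scheme}://{parts.netloc}".lower() in ALLOWED_ORIGINS


def strict_cors_headers(request_origin: Optional[str]) -> dict:
    """Hardened: emit CORS headers only for an allow-listed origin. With none
    emitted, the browser blocks the cross-origin read and fails any preflight."""
    if not strict_origin_check(request_origin):
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def authorize_state_change(request: dict) -> bool:
    """Gate for a state-changing endpoint such as one that runs submitted code.

    Requires a trusted Origin, a same-origin fetch-metadata value when the
    browser sends one, a JSON body (an HTML form cannot send one) and a custom
    header (an HTML form cannot set one; a fetch() that sets it must first pass
    a preflight, which strict_cors_headers denies for foreign origins).
    """
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    if request.get("method", "GET").upper() not in {"POST", "PUT", "PATCH", "DELETE"}:
        return False
    if not strict_origin_check(headers.get("origin")):
        return False
    fetch_site = headers.get("sec-fetch-site")
    if fetch_site is not None and fetch_site != "same-origin":
        return False
    if not headers.get("content-type", "").lower().startswith("application/json"):
        return False
    return headers.get("x-requested-with") == "langflow-ui"  # assumed header value


# Constructed requests: what a victim's signed-in browser sends from an
# attacker's page, and what the legitimate UI sends.
CROSS_SITE_REQUEST = {
    "method": "POST",
    "headers": {
        "Origin": "https://attacker.example",
        "Sec-Fetch-Site": "cross-site",
        "Content-Type": "text/plain",  # <form enctype="text/plain"> needs no preflight
        "Cookie": "session=<victim-session>",
    },
    "body": '{"code": "print(1)"}',
}
SAME_ORIGIN_REQUEST = {
    "method": "POST",
    "headers": {
        "Origin": "https://langflow.internal.example",
        "Sec-Fetch-Site": "same-origin",
        "Content-Type": "application/json",
        "X-Requested-With": "langflow-ui",
        "Cookie": "session=<victim-session>",
    },
    "body": '{"code": "print(1)"}',
}
```

The point of pairing the checks: a permissive CORS policy and a missing CSRF control are each survivable alone, but the weak versions together let a `text/plain` form post from any site reach the endpoint with the victim’s cookies attached, which is exactly the combination the report describes.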


Observed Exploitation by MuddyWater
Further analysis by Ctrl‑Alt‑Intel in March 2026 linked active exploitation of CVE‑2025‑34291 to an Iranian state‑sponsored hacking group known as MuddyWater. The group reportedly used the flaw to gain initial footholds within target networks, subsequently moving laterally to harvest sensitive data and deploy additional malware. The attribution underscores the vulnerability’s appeal to advanced persistent threat (APT) actors seeking reliable, low‑noise entry points into enterprise environments. The findings reinforce CISA’s decision to prioritize the flaw in its KEV catalog, given its proven utility in real‑world espionage campaigns.


Overview of CVE‑2026‑34926 in Trend Micro Apex One
The second vulnerability added to the KEV list, CVE‑2026‑34926, carries a CVSS score of 6.7, a medium‑severity rating under CVSS v3.x. It affects the on‑premise versions of Trend Micro Apex One, an endpoint protection platform widely used in corporate settings. The flaw is classified as a directory‑traversal vulnerability that permits a pre‑authenticated local attacker to navigate beyond intended directory boundaries and modify a critical key table on the server. By altering this table, an adversary can inject malicious code that gets distributed to managed agents during routine policy updates, thereby achieving persistence and potential remote execution across the endpoint fleet.


Exploitation Requirements and Trend Micro’s Statement
Trend Micro clarified that exploiting CVE‑2026‑34926 is not trivial; the attacker must already possess local access to the Apex One server and have obtained administrative credentials through some other means (e.g., credential theft, privilege escalation, or a separate vulnerability). Once these prerequisites are met, the directory‑traversal flaw can be leveraged to write arbitrary data into the server’s key table. The vendor reported that it has observed at least one instance of an active exploitation attempt in the wild, confirming that the vulnerability is not merely theoretical. Trend Micro advised customers to apply the latest security patches and to enforce strict least‑privilege principles for administrative accounts to mitigate risk.
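Whatever the specifics of the Apex One bug, the control a directory‑traversal flaw lacks is the same: canonicalise the supplied path and prove it still lies under the permitted directory before touching the file. The following is an added example, not Trend Micro’s code and not derived from the advisory; the base directory and file names are assumptions, and it writes nothing to disk.

```python
"""Containment check for a file path supplied to a server-side write.

Added illustration, not Trend Micro's code: it shows the generic control a
directory-traversal bug like the one described lacks. The base directory
and file names are assumptions; nothing is written to disk.
"""
import os
import posixpath
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a supplied path would resolve outside the permitted directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return an absolute path for user_path that is guaranteed to lie under base_dir.

    Order matters: decode percent-encoding once (so '..%2f' cannot dodge a
    textual check), treat backslashes as separators (Windows servers accept
    both), refuse absolute and drive-letter paths, canonicalise, then compare
    the canonical prefix rather than the raw string.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    normalised = posixpath.normpath(decoded.replace("\\", "/"))
    if normalised in ("", ".") or normalised.startswith("/"):
        raise TraversalError(f"empty or absolute path: {user_path!r}")
    if len(normalised) > 1 and normalised[1] == ":":
        raise TraversalError(f"drive-letter path: {user_path!r}")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, normalised))
    # realpath also follows symlinks, so a link planted inside base_dir that
    # points outside it is caught here as well. A double-encoded '%252e%252e'
    # decodes to the literal directory name '%2e%2e' and stays contained.
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalError(f"path escapes {base_dir}: {user_path!r}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_within for callers that just need a verdict."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    BASE = "/opt/apexone/keys"  # assumed directory, for illustration only
    for candidate in ("policy/agent.key", "policy/../agent.key", "../../etc/passwd",
                      "..%2f..%2fetc%2fpasswd", "..\\..\\Windows\\win.ini", "C:\\Windows\\win.ini"):
        print(f"{candidate!r:36} contained={is_contained(BASE, candidate)}")
```

Note that a `..` component inside the path (`policy/../agent.key`) is accepted because the canonical result is still under the base directory; the check is on where the path lands, not on whether the string contains `..`.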


Implications for Federal Agencies
Because both flaws are now in the KEV catalog, Binding Operational Directive (BOD) 22‑01 requires all Federal Civilian Executive Branch (FCEB) agencies to apply the necessary fixes by June 4, 2026. For Langflow, this entails upgrading to a patched release; operators should also confirm that the instance validates request origins, enforces a restrictive CORS policy, protects state‑changing endpoints against CSRF, and does not expose the code‑execution endpoint beyond the users who need it. For Trend Micro Apex One, agencies must install the vendor‑provided security update that addresses the directory‑traversal flaw and review administrative access controls to prevent credential misuse. Compliance with the deadline is intended to close the current exploitation window and reduce the risk of further compromise across federal networks.


Broader Lessons for Organizations
The addition of these two flaws to the KEV list highlights several universal cybersecurity lessons. First, seemingly modest misconfigurations—such as lax CORS settings or absent CSRF protections—can combine with legitimate functionality to produce critical risk. Second, vulnerabilities that require prior privilege escalation (like CVE‑2026‑34926) remain dangerous because attackers often chain them with other exploits to achieve the needed foothold. Third, timely patching, coupled with robust configuration management and least‑privilege access controls, is essential to defend against both remote and local attack vectors. Organizations, whether federal or private, should treat KEV‑listed vulnerabilities as high‑priority items in their vulnerability‑management programs, leveraging threat‑intelligence feeds to stay ahead of adversaries who are already weaponizing these issues.
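Treating KEV entries as a priority feed, as this section and the overview above recommend, is straightforward to automate: join scanner findings to the catalog by CVE ID and rank unpatched matches by the catalog’s due date. The following is an added example, not CISA tooling; the catalog excerpt and the inventory are constructed for the example (only the two CVE IDs, the products and the June 4, 2026 due date come from the article), and the field names follow the JSON layout CISA publishes for the catalog.

```python
"""Triage scanner findings against a KEV-format catalog feed.

Added illustration, not CISA tooling. The catalog excerpt and the inventory
are constructed for this example (only the CVE IDs, products and the
June 4, 2026 due date come from the article); the field names follow the
JSON layout CISA publishes for the catalog.
"""
import json
from datetime import date

KEV_EXCERPT = json.dumps({  # constructed excerpt in the catalog's JSON layout
    "vulnerabilities": [
        {"cveID": "CVE-2025-34291", "vendorProject": "Langflow", "product": "Langflow",
         "dueDate": "2026-06-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-34926", "vendorProject": "Trend Micro", "product": "Apex One",
         "dueDate": "2026-06-04", "knownRansomwareCampaignUse": "Unknown"},
    ]
})

INVENTORY = [  # constructed scanner findings, one per host/CVE pair
    {"host": "ai-build-01", "cve": "CVE-2025-34291", "patched": False},
    {"host": "epp-mgmt-01", "cve": "CVE-2026-34926", "patched": True},
    {"host": "web-03", "cve": "CVE-0000-00000", "patched": False},  # placeholder ID, not a real CVE
]


def load_kev(feed_json: str) -> dict:
    """Index catalog entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritise(feed_json: str, inventory: list, today: str, horizon_days: int = 14) -> list:
    """Return unpatched findings that appear in the catalog, earliest due date first.

    status: OVERDUE past the catalog due date, URGENT within horizon_days of
    it, SCHEDULED otherwise. Findings outside the catalog are left to the
    normal risk-scoring process rather than dropped.
    """
    kev = load_kev(feed_json)
    today_d = date.fromisoformat(today)
    rows = []
    for finding in inventory:
        entry = kev.get(finding["cve"])
        if entry is None or finding["patched"]:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today_d).days
        if days_left < 0:
            status = "OVERDUE"
        elif days_left <= horizon_days:
            status = "URGENT"
        else:
            status = "SCHEDULED"
        rows.append({
            "host": finding["host"],
            "cve": finding["cve"],
            "product": entry["product"],
            "vendor": entry["vendorProject"],
            "due": entry["dueDate"],
            "days_left": days_left,
            "status": status,
        })
    rows.sort(key=lambda r: (r["days_left"], r["host"]))
    return rows


if __name__ == "__main__":
    for row in prioritise(KEV_EXCERPT, INVENTORY, "2026-05-01"):
        print(f'{row["status"]:9} {row["cve"]}  {row["vendor"]} {row["product"]}  '
              f'{row["host"]}  due {row["due"]} ({row["days_left"]} days)')
```

In practice the feed is fetched from CISA on a schedule and the inventory comes from the scanner’s export; the join logic above is unchanged. The `knownRansomwareCampaignUse` field is carried in the excerpt because it is a common secondary sort key when many entries share a due date.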
