CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could…

https://osintsights.com/cisa-flags-actively-exploited-langflow-trend-micro-vulnerabilities?utm_source=mastodon&utm_medium=social

#KnownExploitedVulnerabilities #Cve202534291 #Cve202634926 #Langflow #TrendMicro

🚨 [CISA-2026:0521] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0521)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-34291 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-34291)
- Name: Langflow Origin Validation Error Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291

⚠️ CVE-2026-34926 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34926)
- Name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Trend Micro
- Product: Apex One
- Notes: https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260521 #cisa20260521 #cve_2025_34291 #cve_2026_34926 #cve202534291 #cve202634926

🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild.

👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.

Explore the attack details, threat patterns, and mitigation steps in the latest article: https://www.crowdsec.net/vulntracking-report/cve-2025-34291

#CVE #CVE202534291 #RCE #LangFlow #ThreatAlert #cybersecurity