
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

thehackernews.com 2026-05-22 SaaS AI risk Critical

What Happened

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could

Why It Matters

The article reports that CISA added a critical Langflow vulnerability (CVE-2025-34291, CVSS 9.4) and a Trend Micro Apex One on‑premise flaw (CVE-2026-34926) to its Known Exploited Vulnerabilities catalog due to confirmed active exploitation.[1][2] For Langflow—an AI/LLM workflow and orchestration tool—the issue is an origin validation error combined with overly permissive CORS, missing CSRF protection, and a code-execution endpoint, enabling remote code execution, full system compromise, and exposure of stored access tokens and API keys, risking cascading compromise across integrated cloud and SaaS services.[1][2] Ctrl-Alt-Intel and Obsidian Security have documented exploitation of the Langflow bug by the MuddyWater Iran‑nexus APT group for initial access.[1][2] From a CyberSE.AI perspective, this represents a high-severity SaaS AI risk because compromising Langflow as an AI orchestration layer can pivot attackers into downstream LLM tools, vector stores, SaaS APIs, and other integrated services, turning one RCE into multi-platform credential theft and data exposure. Organizations should harden AI workflow platforms like Langflow with strict origin controls, CSRF protections, l
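The origin control and CSRF check named above, with an audit for overly permissive CORS settings, as an added example (not code from Langflow or from the source article). The allowlisted origin, the `X-CSRF-Token` header and the `csrf_token` cookie are assumptions made for this example.

```python
import hmac
from urllib.parse import urlsplit

# Assumed deployment values, constructed for this example.
ALLOWED_ORIGINS = {"https://flows.example.internal"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def audit_cors(allow_origins, allow_credentials):
    """Return findings for a CORS policy; an empty list means none."""
    findings = []
    # Credentialed responses must never be readable by arbitrary origins.
    if allow_credentials and ("*" in allow_origins or "null" in allow_origins):
        findings.append("credentials allowed for wildcard or null origin")
    for origin in allow_origins:
        if origin not in ("*", "null") and urlsplit(origin).scheme != "https":
            findings.append(f"non-HTTPS origin allowed: {origin}")
    return findings


def check_request(method, headers, cookies):
    """Gate a cookie-authenticated request. Returns (allowed, reason).

    headers and cookies are plain dicts with the exact key names used below.
    """
    origin = headers.get("Origin")
    # Exact-match allowlist: no substring, suffix or regex matching.
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "origin not in allowlist"
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    # Double-submit token: the header value must equal the cookie value,
    # which a cross-site page cannot read or set on this origin.
    sent = headers.get("X-CSRF-Token", "").encode()
    expected = cookies.get("csrf_token", "").encode()
    if not expected or not hmac.compare_digest(sent, expected):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(audit_cors(["*"], allow_credentials=True))
    print(check_request("POST", {"Origin": "https://other.example"},
                        {"csrf_token": "t1"}))
    print(check_request("POST", {"Origin": "https://flows.example.internal",
                                 "X-CSRF-Token": "t1"}, {"csrf_token": "t1"}))
```

A gate like this belongs in front of any endpoint that executes code or changes state, so that a request initiated by a third-party page fails before it reaches the handler.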

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html
