U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog

CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: a critical Langflow origin validation bug (CVE-2025-34291, CVSS 9.4) that can lead to full system compromise and token exposure and is being abused by the MuddyWater APT, and a Trend Micro Apex One on-premises directory traversal (CVE-2026-34926, CVSS 6.7) that requires prior access but has observed exploitation; federal agencies must remediate by June 4, 2026.