CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-34291 (CVSS 9.4) — a Langflow origin validation/RCE issue exploited by the Iranian state‑sponsored group MuddyWater that can expose tokens and API keys and lead to full system compromise — and CVE-2026-34926 (CVSS 6.7) — a directory traversal in on‑premise Trend Micro Apex One with at least one observed exploitation attempt; federal agencies are required to patch by June 4, 2026.