Langflow RCE and Apex One directory traversal added to CISA KEV


CyberSecureFox Editorial Team

On May 21, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog: a critical origin validation flaw in the Langflow platform (CVE-2025-34291, CVSS 9.4), which allows arbitrary code execution and complete system compromise, and a directory traversal vulnerability in on-premises versions of Trend Micro Apex One (CVE-2026-34926, CVSS 6.7). Both vulnerabilities have been confirmed as actively exploited. U.S. federal civilian agencies are required to apply patches by June 4, 2026, but the threat extends to all organizations using these products.

Technical analysis of the vulnerabilities

CVE-2025-34291 — remote code execution in Langflow

Langflow is a popular platform for visually building workflows using AI agents. CVE-2025-34291 received a critical CVSS score of 9.4 and is classified as an origin validation error; it lets an attacker execute arbitrary code and fully compromise the system.

According to researchers at Obsidian Security, who published a detailed analysis in December 2025, exploitation relies on a chain of three weaknesses:

  • Overly permissive CORS policy — allows third-party domains to send requests to the platform’s API;
  • Lack of CSRF protection — the server does not verify the legitimacy of cross-site requests;
  • An endpoint that intentionally allows code execution — functionality intended to run user agents becomes an attack vector when authentication is bypassed.

As Obsidian Security researchers note, the consequences of successful exploitation extend far beyond the Langflow instance itself: the attacker gains access to all access tokens and API keys stored in the workspace. This creates a cascading compromise effect — the attacker can use the extracted credentials to break into all integrated cloud and SaaS services.
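The first two links of this chain can be checked from captured response headers. The sketch below is an added example, not code from Langflow or Obsidian Security; it assumes a cookie-based session, and the trusted origin, cookie name and header samples are constructed placeholders.

```python
from http.cookies import SimpleCookie

# Assumption: the only origin that should call the API with credentials.
TRUSTED_ORIGINS = {"https://flows.example.internal"}

def audit_response(probe_origin, headers):
    """Findings for one API response to a request sent with Origin: probe_origin."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    untrusted = probe_origin not in TRUSTED_ORIGINS
    if acao == "*":
        findings.append("cors: wildcard origin allowed")
    elif untrusted and acao == probe_origin:
        findings.append("cors: untrusted origin reflected")
        if creds:
            findings.append("cors: credentialed requests allowed from untrusted origin")
    # Cookies marked SameSite=None ride along on cross-site requests, so the
    # server needs its own CSRF defence (token or strict Origin check).
    jar = SimpleCookie()
    jar.load(h.get("set-cookie", ""))
    for name, morsel in jar.items():
        if morsel["samesite"].lower() == "none":
            findings.append(f"csrf: cookie '{name}' is sent cross-site (SameSite=None)")
    return findings

# Constructed samples: responses to a probe from an origin you do not trust.
WEAK = {
    "Access-Control-Allow-Origin": "https://untrusted.example",
    "Access-Control-Allow-Credentials": "true",
    "Set-Cookie": "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=None",
}
HARDENED = {
    "Set-Cookie": "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https://untrusted.example", sample))
```

Feed it the headers your own instance returns to a request carrying an origin outside your allowlist; an empty list means neither weakness was observed in that response.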

CVE-2026-34926 — directory traversal in Trend Micro Apex One

The vulnerability CVE-2026-34926 affects only on-premises versions of Trend Micro Apex One and is rated 6.7 on the CVSS scale. It is a directory traversal vulnerability that allows a local attacker to modify a critical table on the server to inject malicious code, which is then propagated to agents on all connected installations.

Trend Micro has confirmed that it has observed at least one attempt at active exploitation of this vulnerability. At the same time, the vendor emphasizes an important constraint: to exploit it, an attacker must already have access to the Apex One server and possess administrative credentials obtained by other means. This means the vulnerability is used as a post-exploitation element rather than an initial intrusion vector.

Impact assessment

The two vulnerabilities pose a threat to fundamentally different categories of organizations, but both are dangerous in the context of real-world attacks.

Langflow (CVE-2025-34291) — the highest risk is for companies that are actively adopting AI agents and using Langflow to orchestrate workflows. Given that the platform is inherently integrated with many external services via API keys, compromise of a single Langflow instance can lead to data leakage from dozens of connected systems. The critical CVSS 9.4 score reflects precisely this multiplicative effect: an attack on one node opens access to the entire ecosystem of integrations.

Trend Micro Apex One (CVE-2026-34926) — despite a lower CVSS score of 6.7 and the requirement for prior access, the vulnerability poses a serious threat to large corporate environments. The attack mechanism makes it possible to inject malicious code into the table used to deploy updates to agents. In effect, this turns the security solution’s server into a channel for malware distribution — a classic supply chain attack scenario within an organization.

Practical recommendations

Response prioritization should take into account the confirmed active exploitation of both vulnerabilities:

  • Langflow: immediately install the update that fixes CVE-2025-34291. Until the patch is applied, consider restricting network access to Langflow instances, in particular by blocking external connections to the API. After updating, rotate all API keys and access tokens stored in Langflow workspaces, as they may have been compromised.
  • Trend Micro Apex One: apply the Trend Micro patch for on-premises installations. Audit administrative accounts on the Apex One server — the vulnerability requires administrative access, which may indicate a prior compromise. Check the integrity of deployment tables on the server and review access logs for signs of anomalous activity.
  • For both vulnerabilities: the deadline for U.S. federal agencies is June 4, 2026. Commercial organizations are advised to follow the same schedule or adopt even more aggressive timelines, given the confirmed exploitation.

The inclusion of both vulnerabilities in the KEV catalog, combined with confirmed exploitation, makes them priorities for immediate patching. Organizations using Langflow should, in parallel with updating, perform a full rotation of secrets in integrated services — it is the cascading compromise via stored tokens that represents the greatest practical danger of CVE-2025-34291. For Apex One users, the key step is not only installing the patch, but also investigating how an attacker could have obtained administrative access to the server, since the vulnerability itself is only one link in a broader attack chain.

