The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A KEV listing means CISA has evidence that the flaw is being actively exploited in the wild.
Flaws of this kind are reliable attack vectors for advanced persistent threat (APT) groups and pose operational risk to federal networks and commercial supply chains alike. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must apply the vendor mitigations by June 4, 2026.
The first flaw affects Langflow, a popular low-code visual framework used to build AI workflows, Retrieval-Augmented Generation (RAG) applications, and multi-agent systems. Tracked as CVE-2025-34291 with a critical CVSS score of 9.4, it affects all versions up to and including 1.6.9.
CVE-2025-34291 is a textbook example of individually minor configuration choices combining into a serious security failure. The root cause is an origin validation error: an overly permissive Cross-Origin Resource Sharing (CORS) setup (allow_origins='*') used together with credential sharing enabled (allow_credentials=True).
The misconfiguration is compounded by an insecure cookie setting: the platform's authentication refresh-token cookie is set with SameSite=None.
When an authenticated Langflow user is lured to a malicious webpage, cross-origin JavaScript on that page can silently send requests to the Langflow instance's token refresh endpoint. Because the cookie is SameSite=None, the browser attaches the victim's refresh-token cookie to that cross-site request.
The server accepts the request and returns a fresh access and refresh token pair, which the permissive CORS policy lets the attacker-controlled origin read. With those tokens the attacker takes over the session and uses Langflow's built-in ability to execute code from within flows to gain remote code execution (RCE) on the host.
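The following check is an added example, not Langflow's code, for testing whether an instance exhibits the combination described above. It inspects the response headers a server returns to a request that carries an Origin header you control plus the victim's cookies. One caveat matters for the attack chain: browsers refuse to expose a response whose Access-Control-Allow-Origin is the literal `*` when credentials are included, so a wildcard alone is a misconfiguration rather than a working read primitive; the exploitable case is the server reflecting the probe Origin verbatim, which is what Starlette's CORSMiddleware does when configured with `allow_origins=["*"]` and `allow_credentials=True`. The probe origin, cookie names and header values are constructed for the example.

```python
"""Heuristic check for the CORS + SameSite=None combination.

Added example, not Langflow's code. All origins, cookie names and header
values below are constructed. The check flags three conditions:
  1. the probe Origin is reflected in Access-Control-Allow-Origin,
  2. Access-Control-Allow-Credentials is true,
  3. a cookie is set with SameSite=None (sent on cross-site requests).
All three together let a malicious page call the refresh endpoint and
read the new tokens.
"""

PROBE_ORIGIN = "https://attacker.example"  # hypothetical attacker-controlled origin


def parse_set_cookie(raw):
    """Split one Set-Cookie header value into (name, attributes).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to True. The cookie's own value is stored under "value".
    """
    parts = [p.strip() for p in raw.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {"value": value}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), attrs


def assess_cors_and_cookies(headers, set_cookies, probe_origin):
    """Return (exploitable, findings) for one server response.

    headers: dict of response headers (any letter case);
    set_cookies: list of raw Set-Cookie header values;
    probe_origin: the Origin header that was sent with the request.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    reflected = acao == probe_origin

    findings = []
    if creds and reflected:
        findings.append(f"Origin {probe_origin} reflected with Allow-Credentials: true; "
                        "cross-origin JavaScript can read authenticated responses")
    elif creds and acao == "*":
        findings.append("Allow-Origin '*' with Allow-Credentials: true; browsers block this "
                        "pairing, but it indicates allow_origins='*' with allow_credentials=True")

    cross_site_cookies = []
    for raw in set_cookies:
        name, attrs = parse_set_cookie(raw)
        if str(attrs.get("samesite", "")).lower() == "none":
            cross_site_cookies.append(name)
            findings.append(f"cookie {name} is SameSite=None and is sent on cross-site requests")
            if attrs.get("secure") is not True:
                findings.append(f"cookie {name} is SameSite=None without Secure; "
                                "Chromium-based browsers reject such cookies")

    exploitable = creds and reflected and bool(cross_site_cookies)
    return exploitable, findings


# Constructed response from a misconfigured instance: the probe origin is
# echoed back, credentials are allowed, and the cookies (names assumed for
# the example) are SameSite=None.
VULNERABLE_HEADERS = {
    "Access-Control-Allow-Origin": PROBE_ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Content-Type": "application/json",
}
VULNERABLE_COOKIES = [
    "refresh_token_lf=constructed.refresh.token; Path=/; HttpOnly; Secure; SameSite=None",
    "access_token_lf=constructed.access.token; Path=/; HttpOnly; Secure; SameSite=None",
]

# Constructed response from a hardened instance: the probe origin is not on
# the allow-list, so no Allow-Origin header comes back, and the cookie is
# SameSite=Lax.
HARDENED_HEADERS = {
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
}
HARDENED_COOKIES = [
    "refresh_token_lf=constructed.refresh.token; Path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for label, hdrs, cookies in (("vulnerable", VULNERABLE_HEADERS, VULNERABLE_COOKIES),
                                 ("hardened", HARDENED_HEADERS, HARDENED_COOKIES)):
        exploitable, findings = assess_cors_and_cookies(hdrs, cookies, PROBE_ORIGIN)
        print(f"{label}: exploitable={exploitable}")
        for finding in findings:
            print("  -", finding)
```

To use it against a live instance you would send a request to the refresh endpoint with `Origin: https://attacker.example` and a valid session cookie, then pass the response headers and every Set-Cookie value to `assess_cors_and_cookies`; the `exploitable` flag is only set when reflection, credentials and a SameSite=None cookie all coincide.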
The second addition is a directory traversal vulnerability in Trend Micro Apex One. Tracked as CVE-2026-34926 (CVSS 6.7), the flaw affects only on-premises installations of the Apex One server; the cloud-delivered SaaS offering is not affected.
Exploitation requires prior positioning: the attacker must already have network access to the Apex One server and must have obtained administrative credentials through some other initial access vector.
With that access, an authenticated attacker can use directory traversal sequences such as ../ to escape the application's intended directory, bypass its filesystem restrictions, and write data into internal directories that should be off-limits.
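The following is an added example, not Trend Micro's code, showing how a ../ sequence escapes a base directory and what a containment check that stops it looks like. It models a server that accepts a client-supplied relative path and writes under a fixed base directory: it decodes one layer of percent-encoding, treats backslashes as separators (the on-premises Apex One server is a Windows product), normalizes the result and then verifies it still lies under the base. Paths are handled with `posixpath` so the example runs on any platform without touching the filesystem; the base directory and sample paths are constructed.

```python
"""Directory traversal: the escape and the containment check.

Added example, not Trend Micro's code. BASE_DIR and all sample paths are
constructed; posixpath is used so nothing here touches the real filesystem.
"""
import posixpath
from urllib.parse import unquote

BASE_DIR = "/opt/app/data"  # hypothetical directory the application is meant to write under


def naive_target(base, client_path):
    """What a vulnerable handler effectively does: concatenate and normalize
    with no containment check. Shown only to make the escape visible."""
    decoded = unquote(client_path).replace("\\", "/")
    return posixpath.normpath(posixpath.join(base, decoded))


def resolve_under_base(base, client_path):
    """Return the normalized absolute target path, or None if it escapes base.

    - decodes one layer of percent-encoding so %2e%2e%2f is seen as ../
    - rejects NUL bytes, which truncate paths in C runtimes
    - maps backslashes to forward slashes so ..\\ is not treated as a
      harmless filename component
    - refuses absolute client paths outright
    - checks containment with a separator-aware prefix test, so that
      /opt/app/data2 is not mistaken for something under /opt/app/data
    """
    decoded = unquote(client_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    if decoded.startswith("/"):
        return None
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


# Constructed client inputs: one legitimate path and several traversal attempts.
SAMPLE_PATHS = [
    "reports/daily.log",           # legitimate
    "../../Windows/System32/x.dll", # plain ../ traversal
    "..%2f..%2fetc%2fpasswd",       # percent-encoded separators
    "..\\..\\boot.ini",            # backslash separators
    "reports/../../x",              # traversal after a valid component
    "../data2/x",                   # sibling directory sharing the base's prefix
    "a%00.txt",                     # NUL byte injection
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path!r:34} naive -> {naive_target(BASE_DIR, path):32} "
              f"checked -> {resolve_under_base(BASE_DIR, path)}")
```

In a real handler operating on a live filesystem, resolve the candidate with `os.path.realpath` before the containment test so that symbolic links inside the base directory cannot point the write elsewhere; `posixpath.normpath` is used here only to keep the example self-contained.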