Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One to the KEV catalog after evidence of active exploitation. The Langflow flaw can lead to arbitrary code execution and full system compromise, while the Apex One flaw can enable malicious code injection on affected installations. FCEB agencies must apply fixes by June 4, 2026.
Related Happenings
Langflow path traversal flaw (CVE-2026-5027)
Vulnerability
H score33
First: 10.06.2026 18:00
Last: 10.06.2026 18:00
Sources 1
About this happening:
**Langflow**'s **CVE-2026-5027** is an **unpatched path traversal** vulnerability that is being **actively exploited** in the wild. The flaw lets an attacker write files to arbitr...
Langflow path traversal flaw (CVE-2026-5027)
VulnerabilityAbout this happening: **Langflow**'s **CVE-2026-5027** is an **unpatched path traversal** vulnerability that is being **actively exploited** in the wild. The flaw lets an attacker write files to arbitr...
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
Vulnerability
H score53
First: 22.05.2026 16:39
Last: 22.05.2026 16:39
Sources 1
About this happening:
**CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
VulnerabilityAbout this happening: **CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
H score37
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV order for BlueHammer patching
Public Sector Action
H score37
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
Timeline
-
22.05.2026 08:47 2 articles · 1mo ago
CISA adds exploited Langflow and Trend Micro Apex One flaws to KEV
Legal Policy Action UpdateCISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in on-premise Trend Micro Apex One to the KEV catalog after evidence of active exploitation. CVE-2025-34291 is an origin validation error that can enable arbitrary code execution and full system compromise, while CVE-2026-34926 is a directory traversal flaw that can let a pre-authenticated local attacker modify a key table on the server and inject malicious code to deploy to agents on affected installations. Federal Civilian Executive Branch agencies must apply the necessary fixes by June 4, 2026.
Show sources
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV — thehackernews.com — 22.05.2026 08:47