Two Actively Exploited Flaws Added to CISA Known Vulnerabilities Catalog

CISA adds two actively exploited flaws to its KEV catalog, including a critical Langflow vulnerability exploited by Iranian state hackers and a Trend Micro Apex One directory traversal weakness.

CSBadmin

Langflow Vulnerability Allows Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, confirming evidence of active exploitation in the wild. One of the newly listed flaws affects Langflow, a popular open-source low-code platform for building AI applications. The vulnerability, which carries a critical severity score, stems from an origin validation error. Attackers can exploit this weakness to execute arbitrary code and gain full control over the affected system.

According to research from Obsidian Security, the flaw is the combination of three separate weaknesses: a Cross-Origin Resource Sharing (CORS) policy permissive enough to let any web origin make credentialed requests, no cross-site request forgery (CSRF) protection on the affected route, and a built-in endpoint that executes submitted code. Put together, a malicious web page visited by a user who is logged in to Langflow can make that user's browser submit attacker-chosen code to the local instance and run it. Successful exploitation exposes every access token and API key stored in the workspace, which can cascade into compromise of the cloud and SaaS services those credentials reach. The Iranian state-sponsored group MuddyWater has been observed using this vulnerability to gain initial access to target networks.
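To make the three weaknesses concrete, the following is an added Python model (not Langflow's, Obsidian Security's, or Starlette's own code) of the decisions the browser and the server make when a cross-site page tries to drive a logged-in user's browser at a local code-execution route. The CORS part is assumed here to match Starlette's CORSMiddleware behaviour for `allow_origins=["*"]` combined with `allow_credentials=True` (the request Origin is echoed back, so every origin passes). The application origin `APP_ORIGIN`, the idea that the route accepts a form-encoded body, and the `Sec-Fetch-Site` based CSRF guard are hypothetical, chosen for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Hypothetical origin of the local Langflow-style instance the victim is logged into.
APP_ORIGIN = "http://localhost:7860"


@dataclass(frozen=True)
class CorsPolicy:
    allow_origins: tuple[str, ...]
    allow_credentials: bool


# Weak setting: wildcard origins combined with credentials.
PERMISSIVE = CorsPolicy(allow_origins=("*",), allow_credentials=True)
# Corrected setting: only the app's own origin may make credentialed calls.
HARDENED = CorsPolicy(allow_origins=(APP_ORIGIN,), allow_credentials=True)


def preflight_allow_origin(policy: CorsPolicy, origin: str) -> str | None:
    """Access-Control-Allow-Origin value returned to a preflight from `origin`,
    or None when the origin is refused. Assumed to model Starlette's
    CORSMiddleware: with allow_origins=["*"] and allow_credentials=True the
    middleware cannot answer with a literal "*", so it echoes the request
    Origin, which makes every origin acceptable."""
    if "*" in policy.allow_origins:
        return origin if policy.allow_credentials else "*"
    return origin if origin in policy.allow_origins else None


def browser_permits_credentialed_call(policy: CorsPolicy, origin: str) -> bool:
    """Browser-side rule: a credentialed cross-origin request may proceed (or its
    response be read) only if ACAO equals the page origin exactly and
    Access-Control-Allow-Credentials is "true"."""
    return preflight_allow_origin(policy, origin) == origin and policy.allow_credentials


def csrf_guard_accepts(origin: str | None, sec_fetch_site: str | None,
                       trusted: tuple[str, ...]) -> bool:
    """Hypothetical app-side guard for a state-changing route: same-origin or
    direct (non-browser) requests pass; cross-site ones need an allowlisted Origin."""
    if sec_fetch_site in ("same-origin", "none"):
        return True
    return origin is not None and origin in trusted


@dataclass(frozen=True)
class Outcome:
    request_sent: bool       # did the browser send the POST at all?
    code_executed: bool      # did the server run the attacker's code?
    response_readable: bool  # can the attacker's page read the reply (keys, tokens)?


def cross_site_call(policy: CorsPolicy, csrf_guard: bool, origin: str,
                    preflighted: bool, session_cookie: bool = True) -> Outcome:
    """Simulate a page at `origin` making the victim's browser POST attacker code
    to the code route on APP_ORIGIN with the victim's session cookie attached.
    `preflighted` is True for a JSON body (the browser preflights it) and False
    for a form-encoded body (a "simple" request that is sent without preflight)."""
    if not session_cookie:
        # No session: the route rejects the caller, nothing to exploit.
        return Outcome(request_sent=True, code_executed=False, response_readable=False)
    permitted = browser_permits_credentialed_call(policy, origin)
    if preflighted and not permitted:
        # Preflight refused: the real request is never sent.
        return Outcome(request_sent=False, code_executed=False, response_readable=False)
    # CORS never stops a simple request from reaching the server; only the
    # server's own CSRF guard does. The browser sets Sec-Fetch-Site: cross-site.
    executed = (not csrf_guard) or csrf_guard_accepts(origin, "cross-site", (APP_ORIGIN,))
    return Outcome(request_sent=True, code_executed=executed,
                   response_readable=executed and permitted)


def attack_matrix(origin: str = "https://attacker.example") -> dict[str, Outcome]:
    """Run four configurations against a constructed cross-site attacker page."""
    return {
        "permissive_cors,no_csrf_guard,json": cross_site_call(PERMISSIVE, False, origin, True),
        "hardened_cors,no_csrf_guard,json": cross_site_call(HARDENED, False, origin, True),
        "hardened_cors,no_csrf_guard,form": cross_site_call(HARDENED, False, origin, False),
        "hardened_cors,csrf_guard,form": cross_site_call(HARDENED, True, origin, False),
    }


if __name__ == "__main__":
    for name, outcome in attack_matrix().items():
        print(f"{name:40s} {outcome}")
```

Two points fall out of the matrix. With the permissive policy, a preflighted JSON POST is sent with the session cookie, executes, and its response (the workspace's stored keys) is readable by the attacker's page, which is the full chain described above. Tightening CORS to an explicit allowlist stops that chain, but a form-encoded POST is still delivered and still executes when the route has no CSRF guard of its own; CORS only withholds the reply. The two fixes are therefore independent, and the code-execution route needs both.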

Trend Micro Apex One Directory Traversal Flaw

The second vulnerability added to the KEV catalog affects on-premise versions of Trend Micro Apex One, a widely used endpoint security platform. This directory traversal flaw allows a local attacker with access to the server to modify a key table and inject malicious code, which the server then deploys to the agents it manages. Trend Micro has confirmed at least one instance of active exploitation in the wild.

Exploitation requires administrative credentials for the Apex One server, obtained through other means, so the flaw is a post-compromise vector for turning control of the management server into code execution on the agents it manages, rather than a remote entry point. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by June 4, 2026. Organizations running either Langflow or on-premise Trend Micro Apex One should update immediately; Apex One operators should also review who holds administrative access to the management server, since that access is the precondition for exploitation.

Source: The Hacker News
