CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Friday, May 22, 2026 at 05:47 AM UTC·Source: The Hacker News

Updated: Friday, May 22, 2026 at 07:00 AM UTC

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2025-34291

NVD MITRE CVE

Source Attribution

Originally published by The Hacker News on May 22, 2026.

Related Threats

LOWVulnerabilityNEW

CISA to allow researchers to report vulnerabilities to exploited bugs catalog

The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog.

Just nowThe Record

MEDIUMVulnerabilityNEW

NAB refreshes app

NAB has unveiled a refreshed NAB app and Internet Banking experience, focused on helping customers to better manage and protect their money at a time when every dollar matters.

Just nowFinextra

LOWVulnerabilityNEW

Proposed State Laws For Breach Notification Could Reshape Incident Response Plans

Joseph Lazzarotti of JacksonLewis writes: State breach-notification laws continue to evolve, and legislatures are using 2026 sessions to tighten consumer protections and shift the civil liability landscape that often follows a cyber event. For businesses, the practical takeaway is that incident response planning increasingly needs to account not only for “whether notice is required,” but... Source

21m agoDataBreaches.net