**CISA** has mandated that Federal Civilian Executive Branch (FCEB) agencies apply necessary patches by June 4, 2026, to mitigate risks associated with these vulnerabilities. ### Vulnerability Details The two vulnerabilities added to the KEV catalog are: * **CVE-2025-34291** (CVSS score: 9.4): This is an origin validation error vulnerability found in **Langflow**. Successful exploitation could allow an attacker to execute arbitrary code, leading to full system compromise. * **CVE-2026-34926** (CVSS score: 6.7): A directory traversal vulnerability exists in on-premise versions of **Trend Micro Apex One**. A pre-authenticated local attacker could exploit this to modify a key table on the server, injecting malicious code for deployment to agents on affected installations. ### Langflow (CVE-2025-34291) Analysis According to a December 2025 report by **Obsidian Security**, **CVE-2025-34291** stems from a combination of overly permissive CORS, a lack of cross-site request forgery (CSRF) protection, and an endpoint designed to allow code execution. **Obsidian Security** stated, "The impact is severe: successful exploitation not only compromises the **Langflow** instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments." It has been reported that the Iranian state-sponsored hacking group **MuddyWater** has exploited this vulnerability to gain initial access to target networks, according to **Ctrl-Alt-Intel** in March 2026. ### Trend Micro Apex One (CVE-2026-34926) Analysis **Trend Micro** has acknowledged observing attempts to actively exploit **CVE-2026-34926** in the wild. According to **Trend Micro**, this vulnerability is only exploitable on the on-premise version of **Apex One**, requiring an attacker to have access to the **Apex One** server and pre-existing administrative credentials.