---
title: "CISA Warns: Two Actively Exploited Vulnerabilities Demand Immediate Patching"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2025-34291 and CVE-2026-34926 to its KEV Catalog due to active exploitation. Learn mitigation steps and why urgent action is critical."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2025-34291, cve-2026-34926, vulnerability-management, threat-intelligence]
score: 0.85
cve_ids: [CVE-2025-34291, CVE-2026-34926]
---
## TL;DR
CISA has added two new vulnerabilities—CVE-2025-34291 (Langflow) and CVE-2026-34926 (Trend Micro Apex One)—to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch immediately, but all organizations are urged to prioritize remediation to reduce exposure to cyberattacks.
## Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two critical vulnerabilities after confirming their active exploitation in the wild. These flaws, now listed in the Known Exploited Vulnerabilities (KEV) Catalog, serve as frequent attack vectors for malicious cyber actors and pose significant risks to both federal and private sector networks.
### Key Points
- CVE-2025-34291: A Langflow origin validation error vulnerability that could allow attackers to bypass security controls and execute unauthorized actions.
- CVE-2026-34926: A Trend Micro Apex One (On-Premise) directory traversal vulnerability enabling attackers to access sensitive files and escalate privileges.
- Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by specified deadlines.
- While BOD 22-01 applies only to federal agencies, CISA strongly recommends all organizations prioritize patching to mitigate risks.
### Technical Details
#### CVE-2025-34291: Langflow Origin Validation Error
This vulnerability arises from improper validation of HTTP requests in Langflow, a popular framework for building AI workflows. Attackers can exploit this flaw to manipulate request origins, potentially leading to cross-site request forgery (CSRF) attacks or unauthorized data access. The flaw affects multiple versions of Langflow and requires immediate patching or mitigating controls.
#### CVE-2026-34926: Trend Micro Apex One Directory Traversal
Affected versions of Trend Micro Apex One (On-Premise) contain a directory traversal vulnerability that allows attackers to access files outside the intended directory structure. This could lead to sensitive data exposure, privilege escalation, or remote code execution (RCE) in worst-case scenarios. Trend Micro has released patches to address this issue.
### Impact Assessment
The inclusion of these vulnerabilities in CISA’s KEV Catalog underscores their severity and the urgency of remediation. Malicious actors actively exploit such flaws to:
- Gain unauthorized access to sensitive systems.
- Escalate privileges within compromised networks.
- Deploy ransomware, spyware, or other malicious payloads.
Federal agencies face mandatory patching deadlines, but private organizations are equally at risk. Delayed action could result in data breaches, operational disruptions, or regulatory penalties.
### Mitigation Steps
1. Patch Immediately: Apply the latest updates for Langflow and Trend Micro Apex One (On-Premise).
2. Isolate Affected Systems: Restrict access to vulnerable systems until patches are deployed.
3. Monitor for Exploitation: Use intrusion detection systems (IDS) to identify suspicious activity.
4. Review CISA’s KEV Catalog: Stay informed about emerging threats and prioritize remediation efforts.
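To make steps 1 and 4 actionable, the following added example (not code from CISA or either vendor) joins KEV-style records against an asset inventory and lists unpatched hosts by remediation deadline. The feed records follow the field names of CISA's KEV JSON feed, but the dates, hosts and patch states are constructed placeholders, and `kev_backlog` is a hypothetical helper.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. The dateAdded/dueDate
# values are placeholders, not the catalog's real dates for these CVEs.
KEV_FEED = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2025-34291", "vendorProject": "Langflow", "product": "Langflow",
  "dateAdded": "2000-01-01", "dueDate": "2000-01-22"},
 {"cveID": "CVE-2026-34926", "vendorProject": "Trend Micro", "product": "Apex One",
  "dateAdded": "2000-01-01", "dueDate": "2000-01-15"}
]}
""")

# Hypothetical asset inventory; hosts and patch states are invented.
INVENTORY = [
    {"host": "ai-lab-01", "vendor": "langflow", "product": "Langflow", "patched": False},
    {"host": "av-mgmt-01", "vendor": "Trend Micro", "product": "apex one", "patched": True},
    {"host": "av-mgmt-02", "vendor": "Trend  Micro", "product": "Apex One", "patched": False},
    {"host": "web-01", "vendor": "nginx", "product": "nginx", "patched": False},
]

def _key(vendor, product):
    """Normalise vendor/product so case and spacing differences still match."""
    return (" ".join(vendor.split()).casefold(), " ".join(product.split()).casefold())

def kev_backlog(feed, inventory, today):
    """Return unpatched assets that match a KEV entry, most urgent first."""
    by_product = {}
    for v in feed.get("vulnerabilities", []):
        by_product.setdefault(_key(v["vendorProject"], v["product"]), []).append(v)
    rows = []
    for asset in inventory:
        if asset["patched"]:
            continue  # already remediated, nothing to track
        for v in by_product.get(_key(asset["vendor"], asset["product"]), []):
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
            rows.append({"host": asset["host"], "cve": v["cveID"],
                         "days_left": days_left,
                         "status": "OVERDUE" if days_left < 0 else "OPEN"})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))

if __name__ == "__main__":
    for row in kev_backlog(KEV_FEED, INVENTORY, date(2000, 1, 20)):
        print(row)
```

In practice the feed would be loaded from a downloaded copy of the catalog, and matching on vendor and product alone over-reports until the inventory also records installed versions.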
## Conclusion
CISA’s addition of CVE-2025-34291 and CVE-2026-34926 to its KEV Catalog serves as a critical reminder of the evolving threat landscape. Organizations must adopt a proactive vulnerability management strategy to defend against known and emerging threats. Timely patching, continuous monitoring, and adherence to CISA’s guidelines are essential to safeguarding digital infrastructure.
For more details, refer to CISA’s official advisory.[^1]
## References
[^1]: CISA. "CISA Adds Two Known Exploited Vulnerabilities to Catalog". Retrieved 2024-10-02.
[^2]: MITRE. "CVE-2025-34291 Detail". Retrieved 2024-10-02.
[^3]: MITRE. "CVE-2026-34926 Detail". Retrieved 2024-10-02.