THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-34291 from Langflow, which has a CVSS score of 9.4, and CVE-2026-34926 from Trend Micro Apex One, with a CVSS score of 6.7. CVE-2025-34291 is an origin validation error that allows attackers to execute arbitrary code, compromising sensitive access tokens and potentially affecting integrated services.
CVE-2026-34926 targets on-premise Trend Micro installations and enables local attackers to manipulate server data if administrative credentials are compromised. Both vulnerabilities pose significant risks, with federal agencies required to mitigate them by June 4, 2026.