Skip to main content
Back to Blog
CISA Flags Actively Exploited Vulnerabilities in Langflow and Trend Micro Apex One
CVEMay 25, 20264 min read

CISA Flags Actively Exploited Vulnerabilities in Langflow and Trend Micro Apex One

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on May 22, 2026. Both flaws are under active exploitation. The affected products are Langflow, a popular open-source tool for building AI workflows, and Trend Micro Apex One, an enterprise endpoint security platform.

What happened

CISA confirmed active exploitation of CVE-2025-34291, a critical origin validation error in Langflow carrying a CVSS score of 9.4. Origin validation errors allow attackers to bypass controls that restrict where requests can originate from, potentially enabling unauthorized access to protected functionality or data. The second vulnerability affects Trend Micro Apex One, though the source does not provide full technical details on that flaw at this time.

Both vulnerabilities now appear on the KEV catalog, which means U.S. federal agencies are required to patch them on a defined deadline. The catalog is also a reliable signal for the broader security community: if CISA lists something there, real attackers are already using it in the wild.

Why this matters to small teams

Langflow has grown quickly in popularity among developers building AI-powered applications. If you have spun up a Langflow instance to prototype an AI workflow, an agent, or an automation pipeline, you may be running a version with this vulnerability exposed. Many developers run Langflow locally or on a small cloud server without hardening the setup, assuming low risk because the project is new or experimental. That assumption is now dangerous.

Free Scan

Run the exact check on your domain

See your security score, grade, and a breakdown of what's exposed. Free. Takes under 2 minutes.

Scan my site free →

The 9.4 CVSS score on CVE-2025-34291 means the flaw is considered critical. Origin validation errors in practice can let attackers make requests that the application treats as trusted, bypassing authentication or access controls. For a tool that often has access to API keys, model endpoints, and sensitive data pipelines, that is a serious exposure.

Small teams often adopt new AI tooling fast and without a formal patching process. You may not have a dedicated security person watching CVE feeds or CISA announcements. The result is that a tool you set up three months ago and mostly forgot about could be the entry point an attacker uses today.

How to stay protected

  1. Check your Langflow version immediately. If you are running any self-hosted Langflow instance, verify the version and compare it against the fixed release. Apply the patch or update without delay.

  2. Audit what is exposed to the internet. If your Langflow instance does not need to be publicly reachable, put it behind a VPN, firewall rule, or authentication proxy. Limit access to only the IPs or users that need it.

  3. Rotate any credentials the instance could access. Langflow often connects to LLM APIs, databases, and other services. If you cannot rule out that an attacker touched the instance, rotate those API keys and credentials now.

  4. Subscribe to CISA KEV updates. CISA offers an RSS feed and email alerts for new KEV entries. This is a low-effort way to get a reliable signal when something you use is being actively exploited. Visit cisa.gov/known-exploited-vulnerabilities-catalog to subscribe.

  5. Apply Trend Micro Apex One patches if applicable. If your team or your clients use Apex One for endpoint protection, check Trend Micro's advisory and apply any available patches. Even security tools need to be kept current.

  6. Treat AI tooling like any other production software. New frameworks and platforms in the AI space move fast, and so do the attackers targeting them. Build patching into your routine, not just as a reaction to incidents.

How UNPWNED helps

UNPWNED scans your web-facing properties for common security misconfigurations, exposed services, and missing security controls. While our scanner does not directly audit internal tools like Langflow, it can flag exposed ports and services, missing authentication headers, and insecure configurations that increase your overall attack surface. Keeping your public-facing infrastructure locked down reduces the blast radius if an internal tool like Langflow is ever compromised. Run a scan to see where your perimeter stands.

This post was drafted with AI assistance based on authoritative security sources, then published under editorial review.

Source

The Hacker News

Discussion (0)

Leave a comment

Comments are moderated. Be respectful. Spam and self-promotion will be removed.

Is your site exposed to issues like these?

SCAN YOUR SITE FREE