CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2025-34291 and CVE-2026-34926, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities, affecting Langflow and Trend Micro Apex One respectively, are considered significant risks, particularly for federal agencies.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog indicates new attack vectors that pose a significant risk to organizations, making it bad news for defenders.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: June 04, 2026. Known ransomware use: Unknown.
Defender Context
Organizations should prioritize patching or mitigating vulnerabilities listed in the KEV catalog, as these are actively being exploited by threat actors. This highlights the importance of robust vulnerability management programs that stay current with authoritative advisories.