CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Summary
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include a critical flaw in Langflow and another in Trend Micro Apex One, both of which have been observed to be actively exploited in the wild.
IFF Assessment
The inclusion of actively exploited vulnerabilities in critical software increases the risk for organizations and defenders.
Severity
The CVSS score of 9.4 indicates a critical severity, likely due to factors like an easy attack vector and significant impact on confidentiality, integrity, and availability.
CISA KEV: Listed as actively exploited. Federal patch due: June 04, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching or mitigating these newly added vulnerabilities to protect their environments. The active exploitation suggests that threat actors are actively targeting these weaknesses, making prompt action essential.