CISA warns of active exploitation of Trend Micro Apex One and Langflow vulnerabilities

Cybercriminals are actively exploiting vulnerabilities in Trend Micro Apex One and Langflow, according to CISA. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ongoing attacks targeting Trend Micro Apex One and the AI programming tool Langflow. Patches are available to address these exploited security flaws. The vulnerabilities include a critical chained vulnerability in Langflow (CVE-2025-34291) allowing account takeover and remote code execution, and a medium-risk directory traversal flaw in Trend Micro Apex One (CVE-2026-34926) enabling local attackers to inject malicious code.