Security vulnerabilities in Trend Micro Apex One and Langflow are being actively exploited by cybercriminals, CISA warns.

The U.S. IT security agency CISA warns of currently observed attacks on the anti-malware solution Trend Micro Apex One as well as on the AI programming tool Langflow. Updates to close the exploited vulnerabilities are available. Admins should apply them quickly.

In its security alert [1], CISA does not provide further details, such as the nature and scope of the attacks. However, it names the vulnerabilities that criminals are exploiting. In Langflow, it is a chained vulnerability that enables account takeover and execution of malicious code from the network (CVE-2025-34291 [2], CVSS4 9.4, risk “critical”). Langflow up to and including version 1.6.9 is affected; as of the time of this report, the current version is 1.9.3 [3], which IT managers should migrate to.

The vulnerability under attack in Trend Micro’s Apex One is closed by updates [4] from May, which the vendor released on Thursday of this week. In the release notes, Trend Micro explains that at least one instance of an active exploit of one of the vulnerabilities closed by these updates has been observed in the wild. The specific vulnerability is a directory traversal flaw in Apex One Server. Attackers with local access can modify a value on the server and thus inject malicious code that is distributed to agents of affected installations (CVE-2026-34926, CVSS 6.7, risk “medium”). The updates patch this and seven additional high-risk security holes.

Install updates immediately

Since the vulnerabilities are already being attacked, admins should apply the updates immediately. However, neither CISA nor the vendors of the affected products provide any indicators of compromise (IOC) that IT managers could use to check their systems.

On Thursday of this week, CISA warned of seven exploited vulnerabilities [5], for example in old, long-unsupported Microsoft products.

(dmk [7])

URL of this article:
https://www.heise.de/-11303311

Links in this article:
[1] https://www.cisa.gov/news-events/alerts/2026/05/21/cisa-adds-two-known-exploited-vulnerabilities-catalog
[2] https://www.cve.org/CVERecord?id=CVE-2025-34291
[3] https://github.com/langflow-ai/langflow/releases
[4] https://success.trendmicro.com/en-US/solution/KA-0023430
[5] https://www.heise.de/news/Attackierte-MS-Defender-Luecken-und-BitLocker-Schutzmassnahmen-11301580.html
[6] https://pro.heise.de/security/?LPID=39555_HS1L0001_27416_999_0&wt_mc=disp.fd.security-pro.security_pro24.disp.disp.disp
[7] mailto:dmk@heise.de

Copyright © 2026 Heise Medien
heise security News