enforcement/regulator/
CISA adds Langflow, Trend Micro Apex One CVEs to KEV catalog
BOD 22-01 remediation deadlines now apply to both; non-FCEB orgs should treat the listing as a prioritization signal.
Editorial brief
CISA added two actively exploited CVEs to the Known Exploited Vulnerabilities catalog: CVE-2025-34291 (Langflow origin validation error) and CVE-2026-34926 (Trend Micro Apex One directory traversal). FCEB agencies must remediate by the posted due dates under BOD 22-01. Non-federal organizations are not bound but CISA urges prioritized patching for both.
Patch both.
Published ·Updated ·Deep Fathom