Vulnerabilities in Trend Micro Apex One and Langflow under attack

The US cybersecurity agency CISA is warning of currently observed attacks on the anti-malware solution Trend Micro Apex One and the AI programming tool Langflow. Updates to close the attacked security vulnerabilities are available. Admins should apply them quickly.

In the security warning, CISA does not provide further details, such as the nature and scope of the attacks. However, it names the vulnerabilities that criminals are exploiting. In Langflow, it is a chained vulnerability that allows account takeover and remote code execution (CVE-2025-34291, CVSS4 9.4, Risk “critical”). Langflow up to and including version 1.6.9 is affected. Currently, as of the time of reporting, version 1.9.3 is available, which IT managers should migrate to.

The vulnerability in Trend Micro's Apex One, which is under attack, is being closed by updates released by the manufacturer on Thursday this week. In the release notes, Trend Micro explains that active exploitation of one of the security vulnerabilities closed by these updates has been observed in the wild in at least one instance. The specific vulnerability is a directory traversal vulnerability in Apex One Server. Attackers with local access can modify a value on the server and thus inject malicious code that is distributed to agents of affected installations (CVE-2026-34926, CVSS 6.7, Risk “medium”). The updates patch this and seven other high-risk security flaws.

Install updates immediately

Since the vulnerabilities are already being attacked, admins should apply the updates immediately. However, neither CISA nor the manufacturers of the affected products provide any indicators of compromise (IOCs) that IT managers could use to check their systems.

On Thursday this week, CISA warned of seven attacked security vulnerabilities in, for example, old, long-unsupported Microsoft products.

(dmk)