The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, targeting both an open-source AI workflow builder and a commercial endpoint protection suite. The designation triggers a strict June 4, 2026 remediation deadline for federal civilian agencies and issues an urgent patching advisory for private sector organizations.

The additions highlight a strategic shift in adversary targeting, as attackers increasingly weaponize the foundational tools organizations rely on to build AI applications and defend their networks.

Langflow Origin Validation Flaw

The first addition concerns a critical origin validation error in Langflow, a widely used open-source visual framework for building large language model applications. CISA confirmed active exploitation of the flaw, which allows attackers to bypass intended access controls by crafting malicious requests that the framework fails to properly validate.

Under Binding Operational Directive 22-01, all U.S. federal civilian agencies must apply the vendor-released fix within 14 days of the catalog entry. While the KEV entry does not detail specific attack vectors observed in the wild, origin validation errors of this severity typically enable unauthorized data access, workflow manipulation, or downstream compromise of connected LLM services.

Langflow's position in the AI development stack makes it a high-value target. Organizations using the framework to orchestrate prompts, connect to vector databases, or manage multi-agent workflows must treat this vulnerability as a critical priority.
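The article does not describe the mechanics of the Langflow flaw, so the following is a generic illustration of the control class an "origin validation error" refers to, written for this article rather than taken from Langflow or from the KEV entry. It canonicalises a browser-supplied Origin header and compares it to a configured allowlist by exact match, and keeps the common prefix-match shortcut alongside it to show why that shortcut does not actually validate the origin. The trusted origins are constructed placeholders.

```python
"""Strict Origin-header allowlist check (added example, not Langflow code).

An 'origin validation error' means a service accepts a request whose
claimed source it never properly checked. The defensible pattern is:
canonicalise the supplied origin, then require an exact match against a
fixed allowlist; anything missing, malformed, or merely 'similar' is
rejected. The trusted origins below are constructed for this example.
"""
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment would load this from configuration.
TRUSTED_ORIGINS = {
    "https://langflow.internal.example",
    "https://app.example.com",
}


def canonical_origin(value: str):
    """Return 'scheme://host[:port]' in canonical form, or None if the value
    is not a well-formed origin (wrong scheme, path, query, credentials,
    unparsable port)."""
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # A real Origin header carries no path, query, fragment, or userinfo;
    # rejecting them closes the 'trusted.host@attacker.host' confusion.
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        return None
    try:
        port = parts.port
    except ValueError:
        return None
    default = 443 if parts.scheme == "https" else 80
    port = port or default
    host = parts.hostname.lower()
    if port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed_weak(origin, trusted=TRUSTED_ORIGINS) -> bool:
    """The shortcut to avoid: prefix matching. It accepts any origin that
    merely begins with a trusted string, so it validates nothing."""
    return bool(origin) and any(origin.startswith(t) for t in trusted)


def origin_allowed(origin, trusted=TRUSTED_ORIGINS) -> bool:
    """Strict check: missing or 'null' origins are rejected, and the
    canonical form must equal one of the canonical trusted origins."""
    if not origin or origin == "null":
        return False
    canon = canonical_origin(origin)
    if canon is None:
        return False
    trusted_canon = {canonical_origin(t) for t in trusted}
    trusted_canon.discard(None)
    return canon in trusted_canon


if __name__ == "__main__":
    # Constructed sample Origin values, including ones a naive check accepts.
    samples = [
        "https://app.example.com",
        "HTTPS://App.Example.com:443/",
        "https://app.example.com.attacker.example",
        "https://app.example.com@attacker.example",
        "http://app.example.com",
        "null",
    ]
    for s in samples:
        print(f"{s:45} weak={origin_allowed_weak(s)!s:5} strict={origin_allowed(s)}")
```

Scheme, host case, and default port are normalised before comparison so that legitimate variants of a trusted origin are accepted, while anything that only resembles a trusted origin is not; the same exact-match discipline applies to Host and Referer checks wherever a framework uses them for access decisions.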

Trend Micro Apex One Vulnerability

The second addition concerns Trend Micro Apex One, a commercial endpoint detection and response platform deployed across enterprises globally. CISA cited evidence of active exploitation but has not yet publicly disclosed a specific CVE identifier or the technical mechanics of the flaw.

Trend Micro has released a patched version to address the vulnerability. Federal agencies face the same June 4 compliance deadline.

The targeting of an endpoint security product is particularly concerning. Apex One is designed to detect and block threats; a vulnerability that allows attackers to bypass or disable its protections would give adversaries a significant foothold, potentially allowing them to operate undetected within compromised networks. Security teams should monitor vendor and CISA channels for updated exploit details and indicators of compromise as technical disclosures emerge.

Why the KEV Catalog Matters

CISA's KEV catalog has become one of the most actionable tools in vulnerability management. Unlike CVSS scores, which measure theoretical severity, KEV entries are reserved exclusively for vulnerabilities with confirmed real-world exploitation. This distinction forces security teams to prioritize remediation based on actual threat activity rather than abstract risk calculations.

For IT teams managing AI infrastructure and endpoint security, the message is clear: theoretical patching cycles are no longer sufficient. Vulnerabilities in foundational tools demand immediate attention, and KEV entries should be treated as action triggers rather than reference material.

Recommended Actions

Security teams should take the following steps without delay:

  1. Inventory deployments: Identify all instances of Langflow and Trend Micro Apex One across the enterprise, including development, staging, and production environments.

  2. Apply patches immediately: Upgrade to the latest patched versions provided by the vendors. Organizations facing operational constraints should deploy compensating controls — including strict network segmentation, enhanced API input validation, and elevated endpoint monitoring — while patching is scheduled.

  3. Integrate KEV tracking: Automate monitoring of the KEV catalog within vulnerability management workflows. Tools that cross-reference asset inventories against KEV entries can reduce response times from weeks to hours.

  4. Audit AI pipeline security: The Langflow vulnerability points to a broader risk, since AI development frameworks often connect to sensitive data sources and external APIs. Input validation, authentication controls, and network isolation should be standard for any LLM orchestration platform.
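Steps 1 and 3 above (inventory the deployments, then cross-reference them against the KEV catalog) can be automated with a short script. The following is an added example written for this article, not a CISA tool: it parses a feed laid out like the public KEV JSON (the `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dateAdded`, and `dueDate` fields), matches it against a constructed asset inventory, and reports each exposed asset with its days to the remediation deadline. The feed entries and inventory are constructed; the CVE identifiers are placeholders because the article does not give them, and the `dateAdded` values are derived from the article's June 4, 2026 deadline minus the 14-day BOD 22-01 window.

```python
"""Cross-reference an asset inventory against a KEV-style feed.

Added example (not code from the article or from CISA). Field names mirror
the public KEV JSON feed; all values below are constructed for illustration.
"""
import json
from datetime import date

# Constructed KEV-style feed. CVE identifiers are placeholders: the article
# does not name them. Dates follow the article's June 4, 2026 deadline.
KEV_FEED_JSON = """
{
  "catalogVersion": "constructed-sample",
  "vulnerabilities": [
    {"cveID": "CVE-PLACEHOLDER-1", "vendorProject": "Langflow", "product": "Langflow",
     "vulnerabilityName": "Langflow Origin Validation Error Vulnerability",
     "dateAdded": "2026-05-21", "dueDate": "2026-06-04",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-PLACEHOLDER-2", "vendorProject": "Trend Micro", "product": "Apex One",
     "vulnerabilityName": "Trend Micro Apex One Vulnerability",
     "dateAdded": "2026-05-21", "dueDate": "2026-06-04",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-PLACEHOLDER-3", "vendorProject": "ExampleVendor", "product": "Unrelated Product",
     "vulnerabilityName": "Unrelated Example Vulnerability",
     "dateAdded": "2026-01-10", "dueDate": "2026-01-31",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}
"""

# Constructed asset inventory, as a CMDB export might look.
INVENTORY = [
    {"hostname": "ml-dev-01", "vendor": "Langflow", "product": "Langflow", "environment": "development"},
    {"hostname": "ml-prod-02", "vendor": "langflow", "product": "LANGFLOW", "environment": "production"},
    {"hostname": "ws-fin-117", "vendor": "Trend Micro", "product": "Apex One", "environment": "production"},
    {"hostname": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL", "environment": "production"},
]


def normalize(s: str) -> str:
    """Case- and whitespace-insensitive key so 'LANGFLOW' matches 'Langflow'."""
    return " ".join(s.casefold().split())


def load_kev(feed_json: str) -> list:
    """Parse the feed and return its vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def index_kev(entries: list) -> dict:
    """Index KEV entries by (vendor, product) for O(1) lookups per asset."""
    idx = {}
    for e in entries:
        key = (normalize(e["vendorProject"]), normalize(e["product"]))
        idx.setdefault(key, []).append(e)
    return idx


def find_exposed_assets(inventory: list, kev_entries: list, today: date) -> list:
    """Return one finding per (asset, KEV entry) match, most urgent first."""
    idx = index_kev(kev_entries)
    findings = []
    for asset in inventory:
        key = (normalize(asset.get("vendor", "")), normalize(asset["product"]))
        for e in idx.get(key, []):
            due = date.fromisoformat(e["dueDate"])
            findings.append({
                "hostname": asset["hostname"],
                "environment": asset["environment"],
                "cveID": e["cveID"],
                "dueDate": e["dueDate"],
                "days_remaining": (due - today).days,
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (f["days_remaining"], f["hostname"]))
    return findings


def report(today_iso: str) -> list:
    """Run the cross-reference for a given date (ISO string) over the samples."""
    return find_exposed_assets(INVENTORY, load_kev(KEV_FEED_JSON), date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in report("2026-05-28"):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_remaining']}d left"
        print(f"{f['hostname']:12} {f['environment']:12} {f['cveID']:18} due {f['dueDate']} ({flag})")
```

In practice the feed would be fetched from CISA on a schedule and the inventory pulled from the CMDB or EDR console; the matching key is deliberately the vendor/product pair rather than a free-text search, so a vendor name appearing inside another product's description does not create false matches, and the sort puts overdue and soonest-due assets at the top of the ticket queue.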

The simultaneous exploitation of an open-source AI tool and a commercial security suite signals that adversaries are casting a wide net across the technology stack. Organizations that treat the KEV catalog as a living priority list will be better positioned to respond as the threat landscape evolves.

