The United States government has officially sounded the alarm on two fresh security gaps being actively abused by digital attackers. The Cybersecurity and Infrastructure Security Agency, widely known as CISA, just placed these flaws involving Langflow and Trend Micro Apex One onto its high-priority watch list of known exploited vulnerabilities. Cybercriminals are already using these entry points to slip past security barriers, forcing officials to demand immediate action from organizations across the nation.

Severe Code Execution Gap Shatters AI Security

The first and most dangerous issue involves Langflow, a popular tool used to build artificial intelligence applications, and it is tracked under the label CVE-2025-34291. This flaw carries a nearly perfect danger score of 9.4 out of 10. The core problem stems from a mistake in how the system checks where data requests are coming from. Because of this validation error, a remote hacker can trick the system into running malicious code, which eventually grants the attacker total control over the compromised computer network.

Security researchers who studied the flaw discovered that the bug actually triggers a chain reaction by tying three separate weaknesses together. The platform leaves its cross-origin sharing settings too loose, lacks basic defenses against web request forgery, and has a built-in feature that lets users run code by design. When hackers abuse these flaws simultaneously, the consequences are devastating. Not only do they take over the AI workspace itself, but they can also steal all the secret login keys and sensitive access tokens stored inside. This can easily cause a domino effect, allowing the hackers to break into connected cloud platforms and downstream business software.

This threat is far from theoretical. Cyber intelligence reports revealed that a notorious hacking group backed by the Iranian government, known as MuddyWater, has been actively weaponizing this exact AI loophole. The state-sponsored actors are using it as an easy way to gain their first foothold inside corporate networks before launching deeper attacks.

Trend Micro Flaw Targets Local Network Controls

The second security emergency involves on-premise setups of Trend Micro Apex One, an endpoint security software meant to protect corporate computers. Tracked as CVE-2026-34926, this flaw has a medium-to-high danger rating of 6.7. The issue is a directory traversal bug, which basically means a user can trick the system into looking at folders and files it should not be touching.

In this scenario, a local attacker who has not yet logged into the main system can alter a critical internal table on the server. By messing with this data table, the attacker can insert malicious code and force the server to push that bad data directly out to all the connected employee computers running the security software agent.

Trend Micro admitted that they have already spotted at least one real-world case where a bad actor tried to abuse this flaw. However, the company pointed out that executing this attack requires a few specific steps. A hacker must already have physical or local network access to the Apex One server itself, and they must have already stolen administrative login credentials using some other malicious method. Cloud-based versions of the software are completely safe from this specific issue.

Government Enforces Strict Patch Deadlines

Because state-sponsored hackers and other cybercriminals are already moving fast to exploit these gaps, the federal government is treating the situation with extreme urgency. All federal civilian executive branch agencies have been ordered to update their systems and install the necessary software fixes right away.

The government has set a strict deadline of June 4, 2026, for these organizations to fully secure their systems. While this mandate technically applies to federal networks, security professionals strongly recommend that private businesses, healthcare facilities, and local authorities also patch their systems immediately to keep their private corporate data out of the hands of global hackers.