TheCybersecurity and Infrastructure Security Agencyhas added newly exploited vulnerabilities affectingLangflowandTrend Microproducts to its Known Exploited Vulnerabilities (KEV) catalog, signaling that attackers are actively abusing the flaws in real-world intrusions.
The move, reported by The Hacker News, places additional urgency on organizations to patch vulnerable systems immediately. Inclusion in the KEV catalog is significant because it confirms exploitation activity has already been observed and that the vulnerabilities pose a substantial risk to government agencies and private-sector infrastructure alike.
One of the newly added vulnerabilities impacts Langflow, an increasingly popular platform used for building and orchestrating AI-powered workflows and applications. As artificial intelligence adoption accelerates across enterprises, platforms that integrate large language models, automation pipelines, and API connectivity are rapidly becoming attractive targets for attackers.
Security researchers warn that AI infrastructure may introduce entirely new attack surfaces into corporate environments. Many AI orchestration platforms interact with sensitive internal systems, cloud services, databases, and external APIs. If compromised, attackers could potentially manipulate workflows, steal sensitive data, inject malicious prompts, or gain broader access to enterprise environments.
The second KEV addition involves Trend Micro products, continuing a growing pattern where attackers aggressively target security infrastructure itself. Endpoint security platforms, management consoles, and defensive tools have become high-value targets because compromising them can provide attackers with privileged access while simultaneously weakening an organization’s defenses.
The Trend Micro flaw reportedly affects on-premise deployments and could allow attackers to execute malicious code remotely under certain conditions. Active exploitation has already prompted urgent patch advisories and incident response efforts across affected organizations.
CISA’s KEV catalog has become one of the cybersecurity industry’s most closely watched threat indicators. Federal agencies are required to remediate listed vulnerabilities within strict deadlines, but the catalog is also widely used by private companies as a prioritization tool for patch management and risk assessment.
The rapid addition of both vulnerabilities highlights how quickly attackers are weaponizing newly disclosed flaws. In many modern campaigns, cybercriminals automate internet-wide scanning for vulnerable systems within hours of technical disclosures becoming public. Organizations with slow patching cycles can therefore become easy targets almost immediately after vulnerabilities emerge.
Researchers also note that attackers are increasingly shifting focus toward platforms that occupy strategic positions inside enterprise environments. Rather than targeting only end-user systems, threat actors are now prioritizing security tools, cloud orchestration platforms, AI infrastructure, and remote management systems that provide broader operational control.
The inclusion of an AI-related platform like Langflow is especially noteworthy because it reflects the evolving convergence between artificial intelligence and cybersecurity risk. As organizations rush to integrate generative AI technologies into daily operations, security practices around these ecosystems are still maturing, potentially leaving gaps that attackers can exploit.
CISA is urging organizations to review affected systems immediately, apply vendor patches, isolate exposed management interfaces from the public internet, and monitor environments for indicators of compromise. Security teams are also encouraged to prioritize KEV-listed vulnerabilities over lower-risk remediation tasks due to their proven exploitation status.
The incident reinforces a broader reality facing defenders in 2026: attackers are adapting quickly to emerging technologies while simultaneously exploiting weaknesses in the very systems designed to protect modern enterprises.