Alerta · Publicado 21/05/2026 · Actualizado 22/05/2026
La Agencia de Ciberseguridad e Infraestructura Crítica (CISA) ha catalogado dos vulnerabilidades (CVE-2025-34291 y CVE-2026-34926) como explotadas activamente en ataques reales. Estas amenazas requieren atención inmediata en infraestructuras críticas y sistemas gubernamentales de LATAM. Las organizaciones deben verificar si sus sistemas están expuestos y aplicar mitigaciones según el calendario de CISA.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-34291 Langflow Origin Validation Error Vulnerability CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the d
Alerta publicada por CISA / US-CERT. Consulta el advisory completo para detalles técnicos, indicadores de compromiso y mitigaciones específicas.