[CVE, 긴급패치][KISA 보안취약점 정보포털 진흥원] 美 CISA 발표 주요 Exploit 정보공유(Update. 2026-05-21)

2026-05-22

확인 시간 : 2026-05-22 06:15

KISA 보안취약점 정보포털 진흥원 : 취약점 정보 > 보안공지

제목 : 美 CISA 발표 주요 Exploit 정보공유(Update. 2026-05-21)

□ 개요
o 美 CISA에서 현재 자주 악용되고 있는 취약점 목록 발표 [1]
o 영향을 받는 버전을 사용 중인 사용자는 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향을 받는 제품

CVE제조사취약점내용조치사항

CVE-2026-34926	Trend Micro	Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability	Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-34291	Langflow	Langflow Origin Validation Error Vulnerability	Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

※ 하단의 참고 사이트를 확인하여 업데이트 수행 [1]

□ 참고사이트
[1] https://www.cisa.gov/known-exploited-vulnerabilities-catalog

□ 작성 : 위협대응단 AI취약점대응팀