[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/23-2026/03/29)

• Subject Explanation: [Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/23-2026/03/29)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000023
  • [CVE-2026-33017] Langflow Code Injection Vulnerability (CVSS v3.1: 9.8)
  • [Ransomware Exploitation: Unknown] Langflow contains a code injection vulnerability, which could lead to the creation of public flows without authentication.
  • [CVE-2026-33634] Aquasecurity Trivy Embedded Malicious Code Vulnerability (CVSS v3.1: 8.8)
  • [Ransomware Exploitation: Unknown] Aquasecurity Trivy contains an embedded malicious code vulnerability, which could allow an attacker to gain full access to the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive settings in memory.
  • [CVE-2025-53521] F5 BIG-IP Unspecified Vulnerability (CVSS v3.1: 9.8)
  • [Ransomware Exploitation: Unknown] F5 BIG-IP AMP contains an unspecified vulnerability that could allow an attacker to execute remote code.
• Impacted Platforms:
  • [CVE-2026-33017] Please refer to the official list of affected versions: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  • [CVE-2026-33634] Please refer to the official list of affected versions: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
  • [CVE-2025-53521] Please refer to the official list of affected versions: https://my.f5.com/manage/s/article/K000156741
• Suggested Measures:
  • [CVE-2026-33017] Official fix updates have been released. Please update to the relevant version: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  • [CVE-2026-33634] Official fix updates have been released. Please update to the relevant version: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
  • [CVE-2025-53521] Official fix updates have been released. Please update to the relevant version: https://my.f5.com/manage/s/article/K000156741

Computer and Communication Center
Network Systems Division