Date Posted: 2026/04/02
[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/23-2026/03/29)
- Content Description:
  - Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000023
  - [CVE-2026-33017] Langflow Code Injection Vulnerability (CVSS v3.1: 9.8)
    - [Ransomware Exploitation: Unknown] Langflow contains a code injection vulnerability, which could lead to the creation of public flows without authentication.
  - [CVE-2026-33634] Aquasecurity Trivy Embedded Malicious Code Vulnerability (CVSS v3.1: 8.8)
    - [Ransomware Exploitation: Unknown] Aquasecurity Trivy contains an embedded malicious code vulnerability, which could allow an attacker to gain full access to the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive settings in memory.
  - [CVE-2025-53521] F5 BIG-IP Unspecified Vulnerability (CVSS v3.1: 9.8)
    - [Ransomware Exploitation: Unknown] F5 BIG-IP APM contains an unspecified vulnerability that could allow an attacker to execute remote code.
- Impacted Platforms:
  - [CVE-2026-33017] Please refer to the official list of affected versions: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  - [CVE-2026-33634] Please refer to the official list of affected versions: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
  - [CVE-2025-53521] Please refer to the official list of affected versions: https://my.f5.com/manage/s/article/K000156741
- Suggested Measures:
  - [CVE-2026-33017] Official fix updates have been released. Please update to the relevant version: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  - [CVE-2026-33634] Official fix updates have been released. Please update to the relevant version: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
  - [CVE-2025-53521] Official fix updates have been released. Please update to the relevant version: https://my.f5.com/manage/s/article/K000156741
Computer and Communication Center
Network Systems Division