4 CISA Patch Deadlines Expire This Week: PAN-OS, Defender, Langflow, and Apex One Actively Exploited

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Attackers gained unauthorized internal network access through 3 organizations running Palo Alto PAN-OS GlobalProtect starting May 17, and the CISA mandatory patch deadline for that vulnerability expires today, June 1, 2026. Three additional CISA patch deadlines hit this week for Microsoft Defender, Langflow, and Trend Micro Apex One, all under confirmed active exploitation.
CISA added CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, to its Known Exploited Vulnerabilities catalog on May 29 with a June 1 remediation deadline for Federal Civilian Executive Branch agencies. Rapid7 documented two distinct exploitation waves: the first on May 18 using Vultr-hosted infrastructure, the second on May 21 from Dromatics Systems, both targeting the local administrator account via forged authentication override cookies. Attackers authenticated to GlobalProtect gateways, received VPN IP assignments, and gained access to internal network segments, no credentials required, only network access to the portal or gateway.
The four vulnerabilities this week span endpoint security, VPN infrastructure, AI development tooling, and enterprise endpoint management. CISA patch deadlines expire June 1 through June 4. Iran-nexus APT MuddyWater is actively exploiting Langflow CVE-2025-34291 (CVSS 9.4) for full system compromise. Russian-linked activity has been observed in environments where Microsoft Defender CVE-2026-41091 granted SYSTEM-level privilege escalation. The Trend Micro Apex One flaw enables pre-authentication code injection across managed agents. Any organization running one of these four products without this week's patches is exposed to active exploitation right now.
CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass, Patch Deadline Today
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting the GlobalProtect portal and gateway components with a CVSS score of 7.8. The vulnerability allows an unauthenticated remote attacker to forge authentication override cookies and establish unauthorized VPN connections, gaining access to internal network segments without supplying valid credentials.
The technical root cause is a certificate reuse issue. When a GlobalProtect portal or gateway uses the same certificate for HTTPS service and authentication override cookie encryption and decryption, the public key is derivable by any external party. An attacker who discovers that public key can forge authentication override cookies that the gateway accepts as valid. The attack requires no user interaction and no prior authentication, only network access to the GlobalProtect portal or gateway and the specific certificate configuration.
The affected configuration is: GlobalProtect portal or gateway with authentication override cookies enabled, using a shared certificate between the HTTPS service and the override cookie function. Organizations that use dedicated, separate certificates for authentication override cookies are not affected by this specific bypass path.
Rapid7 MDR documented successful exploitation across multiple customer environments. The earliest observed exploitation was May 17, 2026. The first exploitation wave on May 18 originated from Vultr-hosted infrastructure. A second wave on May 21 came from Dromatics Systems infrastructure. Rapid7 assesses both waves were conducted by the same threat actor. In all confirmed cases, attackers authenticated to GlobalProtect gateways using forged cookies targeting the local administrator account, received VPN IP assignments, and established internal network access. No subsequent malicious lateral movement was observed in the Rapid7-documented cases, which means the attacker achieved their objective before detection, or was positioned for deferred activity.
CISA added CVE-2026-0257 to the KEV catalog on May 29, 2026, mandating FCEB agencies remediate by June 1. That deadline expires today.
Immediate mitigations: Generate a dedicated certificate exclusively for authentication override cookie encryption, do not reuse the portal or gateway HTTPS certificate. Alternatively, disable authentication override cookies if they are not required for your deployment. Apply vendor patches once available. For prior Palo Alto Networks exploitation patterns, see the PAN-OS CVE-2026-0300 firewall RCE analysis from earlier this year.
Subscribe to unlock Indicators of Compromise
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
CVE-2026-41091 and CVE-2026-45498: Microsoft Defender Zero-Days, Patch by June 3
Two Microsoft Defender vulnerabilities confirmed under active exploitation carry a CISA mandatory patch deadline of June 3, 2026 for federal agencies. Microsoft patched both on May 21, 2026.
CVE-2026-41091 (RedSun) is a local privilege escalation vulnerability in the Microsoft Malware Protection Engine versions 1.1.26030.3008 and earlier. The flaw stems from improper link resolution before file access, allowing a low-privileged local attacker to escalate to SYSTEM-level privileges. The fixed engine version is 1.1.26040.8. Microsoft Defender auto-updates its engine in environments where endpoint management allows it, check that engine updates are not blocked by policy.
CVE-2026-45498 (UnDefend) is a denial-of-service vulnerability in the Microsoft Defender Antimalware Platform versions 4.18.26030.3011 and earlier. A standard user account can exploit this flaw to block Defender definition updates, effectively disabling real-time protection coverage without triggering administrator-level alerts. The fixed platform version is 4.18.26040.7. This is particularly dangerous as a second-stage technique: an attacker who compromises a standard user account can weaponize CVE-2026-45498 to freeze the endpoint's signature database before deploying additional payloads.
Huntress Labs observed hands-on-keyboard threat actor activity in compromised environments tied to these vulnerabilities, with FortiGate SSL VPN access originating from source IPs geolocated to Russia. Attribution is not yet formalized, but the TTPs, VPN access followed by local privilege escalation via an endpoint security product, are consistent with initial access broker operations staging for ransomware deployment.
Both vulnerabilities are on the CISA KEV catalog with June 3 remediation deadline. For organizations that missed the earlier CVE-2026-41091 Defender zero-day patch advisory, this week's combined deadline raises the urgency: both CVE-2026-41091 and CVE-2026-45498 are exploited together as a privilege escalation plus defense evasion chain.
Verification command: Check current engine and platform versions via PowerShell: Get-MpComputerStatus | Select-Object AMEngineVersion, AMServiceVersion. Engine must be 1.1.26040.8 or later; platform must be 4.18.26040.7 or later.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
CVE-2025-34291: Langflow RCE Exploited by MuddyWater for Full System Compromise
CVE-2025-34291 is a critical remote code execution vulnerability in Langflow, an open-source visual AI workflow builder, with a CVSS score of 9.4. Iran-nexus APT group MuddyWater is actively exploiting this vulnerability to achieve full system compromise on enterprise AI development environments. CISA added it to the KEV catalog on May 21, 2026, with a June 4 remediation deadline.
MuddyWater is an Iran-linked threat actor assessed by CISA and US Cyber Command as subordinate to Iran's Ministry of Intelligence and Security (MOIS). Active since at least 2017, MuddyWater targets government, telecommunications, defense, and critical infrastructure organizations across the Middle East, Europe, and North America. The group is known for spear-phishing initial access and the use of legitimate remote administration tools as post-compromise infrastructure.
The Langflow vulnerability exploits three combined weaknesses: overly permissive Cross-Origin Resource Sharing (CORS) policy, absence of Cross-Site Request Forgery (CSRF) protection, and a code execution endpoint that is open by design for workflow orchestration. An attacker who can reach the Langflow instance, from the same network, via CORS-enabled cross-origin request, or from the internet if the instance is exposed, can execute arbitrary code on the underlying server and achieve full system compromise. No authentication is required in the default configuration.
Langflow is used in enterprise AI pipeline orchestration, machine learning workflow automation, and LLM application development. Cloud-hosted instances and developer environments with open CORS policies are the primary risk surface. Any Langflow deployment reachable from untrusted networks without authentication controls should be treated as potentially compromised pending investigation.
Remediation: Update Langflow to the patched version. Restrict Langflow instance access to trusted internal networks using firewall rules or network access control. Disable or restrict the CORS policy to known-good origins. Review server logs for unauthorized code execution indicators.
“CVE-2025-34291 allows an attacker to achieve full system compromise through three combined weaknesses in the Langflow AI builder. MuddyWater has operationalized this capability against enterprise targets.”
CISA Known Exploited Vulnerabilities Advisory, May 21, 2026
CVE-2026-34926: Trend Micro Apex One Directory Traversal Enables Agent Code Injection
CVE-2026-34926 is a directory traversal vulnerability in on-premise versions of Trend Micro Apex One with a CVSS score of 6.7. A pre-authenticated local attacker can exploit this flaw to modify a key table on the Apex One server and inject malicious code that deploys to managed agents across the organization's endpoint fleet. CISA added it to the KEV catalog on May 21, 2026, with a June 4 remediation deadline.
The impact extends beyond the Apex One server itself. A successful exploitation allows the attacker to push malicious code to every managed endpoint in the deployment, converting the enterprise endpoint management platform from a defensive tool into a lateral movement and mass deployment mechanism. In environments with hundreds or thousands of Apex One-managed endpoints, this represents a single-point-of-compromise to fleet-wide code execution path.
The "pre-authenticated local" attack requirement means the attacker needs an existing foothold on a host with local access to the Apex One server, typically achieved through initial access via phishing, credential stuffing, or an earlier vulnerability. In the context of this week's threat landscape, CVE-2026-34926 is a high-priority second-stage vulnerability: an attacker who gains initial access through CVE-2026-0257 PAN-OS VPN bypass or CVE-2026-41091 Defender privilege escalation is positioned to then exploit the Apex One server and push code to the entire managed endpoint fleet.
Remediation: Apply Trend Micro's patch for Apex One on-premise. Restrict local access to the Apex One server to authorized administrators only. Audit the Apex One server's agent update table for unauthorized modifications. Review agent deployment logs for any unexpected code pushes in the past 30 days.
Additional Threats This Week: FortiClient EKZ Credential Stealer and GreyVibe AI Lures
Two additional active threats require monitoring this week alongside the four CISA deadline items.
CVE-2026-35616, FortiClient EMS Credential Stealer EKZ. Threat actors are exploiting an authentication bypass in FortiClient Enterprise Management Server (EMS) to deliver a previously undocumented credential-stealing malware called EKZ. The exploit bypasses EMS authentication and deploys EKZ, which specifically targets stored credentials on managed endpoints. Organizations running FortiClient EMS should apply the available patch and audit EMS authentication logs for unauthorized access attempts. Check for unexpected EKZ process execution in endpoint detection logs.
GreyVibe, Russian AI-Lure Campaign Against Ukraine. A Russian-linked threat cluster tracked as GreyVibe is targeting Ukrainian entities with AI-generated social engineering lures. GreyVibe deploys a custom malware toolkit following successful lure delivery. The campaign uses AI-generated documents and communications to improve phishing quality and bypass user suspicion. The GreyVibe toolkit includes several custom malware families, specific IOC details are being withheld by researchers pending broader defensive deployment, but organizations supporting Ukrainian entities or in adjacent sectors should heighten phishing detection sensitivity and validate email authentication controls this week.
Crimson Collective telecom breach. The Crimson Collective ransomware group claimed a data theft attack against telecommunications provider Brightspeed affecting more than 1 million customers. The group is using a pure-exfiltration model without encryption, data is stolen and published rather than encrypted for ransom. Telecom sector organizations should verify that CRM, billing, and subscriber databases are not accessible from perimeter-adjacent systems that could serve as initial access vectors.
Subscribe to unlock Indicators of Compromise
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
This Week's Patch Priority Order: Where to Start Monday Morning
With four CISA deadlines and two additional active threats, the correct patch sequence is determined by exploitability, impact radius, and deadline urgency.
Priority 1, PAN-OS CVE-2026-0257 (Deadline: TODAY, June 1). The CISA deadline is already expired for federal agencies and the window for private-sector organizations is closing. Rapid7 confirmed successful exploitation granting internal network access. If you have GlobalProtect with authentication override cookies enabled and a shared certificate, either generate a dedicated override certificate or disable the feature now, before patching is complete.
Priority 2, Microsoft Defender CVE-2026-41091 + CVE-2026-45498 (Deadline: June 3). SYSTEM privilege escalation plus the ability to freeze Defender definition updates is a dangerous combination. Verify your engine and platform versions via PowerShell today. If Defender engine updates are blocked by policy, override that block for the 1.1.26040.8 and 4.18.26040.7 updates specifically.
Priority 3, Langflow CVE-2025-34291 (Deadline: June 4). Any internet-accessible Langflow instance is actively targeted by MuddyWater. Full system compromise requires no authentication. If you cannot patch today, take Langflow instances offline or restrict access to trusted networks immediately.
Priority 4, Trend Micro Apex One CVE-2026-34926 (Deadline: June 4). The attack requires a local foothold first, making it a second-stage risk rather than direct remote compromise. Patch this week but prioritize after CVE-2026-0257 and the Defender pair.
Priority 5, FortiClient EMS CVE-2026-35616. Apply the EMS patch and audit for EKZ credential stealer artifacts on managed endpoints.
For context on how multiple simultaneous patch deadlines reflect the broader exploitation-as-a-service economy, see the weekly threat roundup from May 2026 covering the prior wave of CISA KEV additions.
Check PAN-OS GlobalProtect certificate configuration immediately
Run: show config running | match certificate in PAN-OS CLI to identify if the same certificate is used for HTTPS service and authentication override. If shared, generate a dedicated certificate for authentication override or disable the feature before patch deployment.
Verify Microsoft Defender engine and platform versions
PowerShell: Get-MpComputerStatus | Select-Object AMEngineVersion, AMServiceVersion. Engine must reach 1.1.26040.8; platform must reach 4.18.26040.7. If auto-update is blocked by group policy, push the update via WSUS, Intune, or SCCM today, June 3 deadline.
Isolate or take down internet-accessible Langflow instances
Any Langflow instance reachable from untrusted networks is being actively targeted by MuddyWater. If immediate patching is not possible, block external access via firewall rule, restrict CORS to internal origins only, or take the instance offline pending update. Deadline June 4.
Apply Trend Micro Apex One patch and audit agent table
Apply the vendor patch for CVE-2026-34926. After patching, audit the Apex One server's agent code deployment table for unauthorized entries. Review agent update logs from the past 30 days for unexpected push events. Deadline June 4.
Patch FortiClient EMS and hunt for EKZ artifacts
Apply the CVE-2026-35616 FortiClient EMS patch. Search endpoint detection logs for EKZ process execution, unexpected credential access events, or new scheduled tasks created by the EMS agent process on managed endpoints.
Rotate credentials from any environment where these products are deployed
Any environment running the above products unpatched in the past two weeks should treat stored credentials as potentially compromised. Rotate service account passwords, API keys, and admin credentials for systems adjacent to exposed endpoints, VPN gateways, or AI development infrastructure.
Verify CISA KEV compliance status across your asset inventory
Cross-reference your asset management system against the current CISA KEV catalog (1,607 entries). Any asset running software listed in the catalog without confirmed patch status is a compliance risk and an active exposure. Prioritize assets with network access to production or critical systems.
Why This Week's CISA Patch Deadlines Matter for Your Organization
Four concurrent CISA patch deadlines expiring within 72 hours is not routine. The breadth of affected products, VPN gateway, endpoint security platform, AI builder, and endpoint management, reflects how threat actors move across the kill chain in 2026: compromise initial access via VPN bypass, escalate via endpoint security flaw, freeze defenses via endpoint protection bypass, then push payloads via endpoint management compromise.
The CISA Known Exploited Vulnerabilities catalog contains 1,607 entries as of June 2026, but the four this week share a property that elevates urgency: all four have confirmed exploitation before the patch deadline, not hypothetical future risk. CVE-2026-0257 was exploited 15 days before CISA's deadline. CVE-2026-41091 and CVE-2026-45498 were exploited before Microsoft's Patch Tuesday release. CVE-2025-34291 was exploited by a nation-state actor before the CISA addition. Deadlines for already-exploited vulnerabilities are not forecasts, they are acknowledgments that the attack is already happening.
Private-sector organizations are not legally bound by CISA BOD 22-01 deadlines, but the deadlines serve as a reliable prioritization signal. CISA adds CVEs to the KEV catalog only when exploitation in the wild is confirmed. A KEV addition with a short deadline indicates the exploitation volume or impact severity crossed an urgency threshold. This week's four simultaneous additions across four different vendors indicate a broad-front exploitation campaign, not isolated incidents.
The nation-state dimension raises the stakes further. MuddyWater (Iran) confirmed active on Langflow. Russian-attributed activity observed in Defender-compromised environments. These actors have operational goals beyond financial extortion: intelligence collection, pre-positioning for disruptive operations, and supply chain access. Organizations in government, defense, telecommunications, and critical infrastructure sectors should treat this week's patch cycle as a mandatory operational priority, not a routine patch Tuesday follow-up.
The minimum defensive action for any organization this week: verify patch status on all four products, confirm GlobalProtect does not use a shared certificate for authentication override, and rotate credentials on any environment where these products have been running unpatched for more than two weeks.
The bottom line
CISA patch deadlines June 2026 expire this week for 4 actively exploited products with confirmed nation-state involvement. The PAN-OS GlobalProtect CVE-2026-0257 deadline expired today, if your GlobalProtect uses a shared certificate for authentication override, fix that certificate configuration before the patch is deployed. Verify Microsoft Defender engine 1.1.26040.8 and platform 4.18.26040.7 are deployed by June 3. Take Langflow instances offline or restrict access by June 4 if patching is delayed, MuddyWater is actively exploiting it for full system compromise. Rotate credentials across any environment running these products unpatched in the past two weeks.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What is the CISA Known Exploited Vulnerabilities catalog?
The CISA Known Exploited Vulnerabilities catalog is a database maintained by the US Cybersecurity and Infrastructure Security Agency that lists software vulnerabilities with confirmed active exploitation in the wild. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies are required to remediate catalog entries by the specified deadline. Private-sector organizations use it as a prioritization tool because CISA only adds vulnerabilities with verified exploitation evidence, making it a reliable signal for which flaws attackers are actively weaponizing.
How does CVE-2026-0257 allow attackers to bypass PAN-OS GlobalProtect authentication?
CVE-2026-0257 exploits a certificate reuse issue in PAN-OS GlobalProtect. When the portal or gateway uses the same certificate for its HTTPS service and for encrypting authentication override cookies, the public key is derivable externally. An attacker who discovers that public key can forge authentication override cookies that the gateway accepts as valid, establishing a VPN connection without ever supplying real credentials. The attack requires no user interaction, only network access to the GlobalProtect portal or gateway. Organizations using a dedicated separate certificate for authentication override cookies are not affected.
What is the CVE-2026-41091 RedSun Microsoft Defender vulnerability?
CVE-2026-41091, tracked as RedSun, is a local privilege escalation vulnerability in the Microsoft Malware Protection Engine versions 1.1.26030.3008 and earlier. The flaw stems from improper link resolution before file access, allowing a low-privileged local user to escalate their access to SYSTEM-level privileges. Microsoft patched this on May 21, 2026 in engine version 1.1.26040.8. CISA confirmed active exploitation and ordered federal agencies to patch by June 3, 2026. Run Get-MpComputerStatus in PowerShell to verify your current engine version.
Which threat actor is exploiting Langflow CVE-2025-34291?
Iran-nexus APT group MuddyWater, assessed by CISA and US Cyber Command as operating under Iran's Ministry of Intelligence and Security, is actively exploiting CVE-2025-34291 in Langflow. MuddyWater has been active since at least 2017 and targets government, telecommunications, defense, and critical infrastructure. The Langflow vulnerability enables full system compromise without authentication by combining overly permissive CORS, absent CSRF protection, and an open code execution endpoint, giving MuddyWater a reliable initial access path into enterprise AI development environments.
How do I check if my PAN-OS GlobalProtect is vulnerable to CVE-2026-0257?
Check whether your GlobalProtect portal or gateway has authentication override cookies enabled and whether the same certificate is used for both the HTTPS service and the override cookie encryption. In the PAN-OS web interface, navigate to the GlobalProtect portal or gateway configuration and inspect the certificate assignment under the authentication profile. If the portal or gateway SSL/TLS service profile certificate matches the authentication override certificate, you are in the vulnerable configuration. Generate a dedicated certificate for authentication override as an immediate mitigation even before patching.
What is the CVE-2026-34926 Trend Micro Apex One vulnerability?
CVE-2026-34926 is a directory traversal vulnerability in on-premise Trend Micro Apex One with a CVSS score of 6.7. A pre-authenticated local attacker can use the flaw to modify a key server table and inject malicious code that Apex One deploys to its managed endpoint agents across the organization. This effectively converts the endpoint management platform into a mass lateral movement tool. The attack requires existing local access to the Apex One server first, making it a high-priority second-stage vulnerability in environments where perimeter defenses have already been breached.
Which of this week's CISA vulnerabilities is most urgent to patch first?
CVE-2026-0257 PAN-OS GlobalProtect is the highest priority because the CISA deadline expired June 1 and Rapid7 confirmed successful exploitation granting internal network access since May 17. Patch or mitigate this first. Second priority is the Microsoft Defender pair CVE-2026-41091 and CVE-2026-45498 with a June 3 deadline, verify your Defender engine and platform versions today. Third is Langflow CVE-2025-34291 with a June 4 deadline and active MuddyWater exploitation. Trend Micro Apex One CVE-2026-34926 is fourth, it requires a local foothold, making it a second-stage risk lower than the remote-accessible flaws.
Does the CISA KEV deadline apply to private-sector organizations?
CISA Binding Operational Directive 22-01 legally applies only to Federal Civilian Executive Branch agencies. Private-sector organizations are not legally required to meet CISA KEV remediation deadlines. However, the deadlines serve as a reliable urgency indicator for all organizations: CISA adds vulnerabilities to the KEV catalog only when exploitation is confirmed in the wild, and the deadline length reflects how actively the vulnerability is being weaponized. Security teams use KEV deadlines as a prioritization framework regardless of legal obligation, a short deadline signals high active exploitation volume.
Sources & references
- CISA, Known Exploited Vulnerabilities Catalog
- Rapid7, Observed Exploitation of PAN-OS GlobalProtect CVE-2026-0257
- The Hacker News, Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
- The Hacker News, CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
- BleepingComputer, Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
- Help Net Security, Microsoft Defender vulnerabilities exploited in the wild
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
