【Vulnerability Alert】CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/23-2026/03/29)

Publish date: 2026-04-02 | Update date: 2026-04-02

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2026033002035959
Publication Time: 2026/03/30 14:25
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/03/30 14:25
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/23-2026/03/29)
[Content]
Forwarded from TWCERTCC-200-202603-00000023

【CVE-2026-33017】Langflow Code Injection Vulnerability (CVSS v3.1: 9.8)
【Known to Be Used by Ransomware: Unknown】 Langflow contains a code injection vulnerability that may allow the creation of public flows without authentication.

【CVE-2026-33634】Aquasecurity Trivy Embedded Malicious Code Vulnerability (CVSS v3.1: 8.8)
【Known to Be Used by Ransomware: Unknown】 Aquasecurity Trivy contains an embedded malicious code vulnerability that may allow an attacker to obtain full access to the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configurations stored in memory.

【CVE-2025-53521】F5 BIG-IP Unspecified Vulnerability (CVSS v3.1: 9.8)
【Known to Be Used by Ransomware: Unknown】 F5 BIG-IP AMP contains an unspecified vulnerability that may allow an attacker to execute remote code.


(Information Sharing Level: WHITE (Information content can be publicly disclosed))
[Affected Platform]

【CVE-2026-33017】Please refer to the affected versions listed by the official source: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx

【CVE-2026-33634】Please refer to the affected versions listed by the official source: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23

【CVE-2025-53521】Please refer to the affected versions listed by the official source: https://my.f5.com/manage/s/article/K000156741

[Recommended Actions]

【CVE-2026-33017】 The official fix for this vulnerability has been released. Please update to the relevant version: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx

【CVE-2026-33634】 The official fix for this vulnerability has been released. Please update to the relevant version: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23

【CVE-2025-53521】 The official fix for this vulnerability has been released. Please update to the relevant version: https://my.f5.com/manage/s/article/K000156741

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center