CISA expands KEV catalog and reporting tools with precision updates, White House delays AI executive order over innovation and China competitiveness, five new ICS advisories issued, and CrowdStrike brings Claude Enterprise activity into Falcon for full visibility, detection, and response.
CISA Adds Two New Actively Exploited Vulnerabilities to KEV Catalog
CISA added CVE-2025-34291 (Langflow origin validation error) and CVE-2026-34926 (Trend Micro Apex One on-premise directory traversal) to the Known Exploited Vulnerabilities catalog on May 21. Both show evidence of active exploitation. CVE-2026-34926 is exploitable only on the on-premise version and requires administrative credentials already obtained on the Apex One server. Federal agencies must prioritize remediation under BOD 22-01; all organizations should review and patch affected systems immediately.
CISA Launches New KEV Nomination Form for Researchers and Vendors
CISA introduced an online nomination form to streamline reporting of exploited vulnerabilities. Integrated with the Vulnerability Disclosure Policy and Coordinated Vulnerability Disclosure programs, the form improves submission quality and speeds threat validation and sharing. Acting Executive Assistant Director for Cybersecurity Chris Butera stated that this new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information, adding that early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. Researchers and partners can submit via the form or email vulnerability at cisa dot dhs dot gov.
White House Postpones AI Executive Order Signing
The planned signing ceremony for a new AI executive order was postponed hours before the event. The order was expected to address pre-evaluation of frontier models for cybersecurity vulnerabilities. President Trump cited concerns that certain provisions could slow American innovation and technological leadership in the global AI race with China. Policy watchers should monitor for rescheduling and implications for federal AI governance.
CISA Issues Five ICS Advisories in ICSA-26-141 Series for ABB B&R and Related Systems
Five new Industrial Control Systems advisories cover vulnerabilities in ABB B&R PCs, Automation Studio, Automation Runtime, Terra AC Wallbox, and related components. Critical infrastructure and manufacturing operators should review mitigations and update affected OT environments promptly.
CrowdStrike Integrates Claude Enterprise and Platform Activity into Falcon Platform
CrowdStrike added integration of Claude Enterprise and Claude Platform activity logs and full conversation content into the Falcon platform. The capability delivers centralized visibility, detection, response, and governance by feeding data into Falcon Next-Gen SIEM and Charlotte Agentic SOAR. SOC teams gain enhanced processing without leaving the console.
Topics We’re Tracking (But Didn’t Make the Cut)
Ongoing Microsoft Edge security updates
Broader discussions on AI model vetting and export controls
Enterprise adoption trends for agentic AI in regulated sectors
Sources
Washington Post, Axios, CNBC, PBS/AP reporting on AI EO postponement (May 21, 2026)
https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-01 through ICSA-26-141-05
The Exchange Daily and Weekly deliver verified public-source intelligence for executive decision-makers. All information is from reputable, publicly available sources. Every effort is made to keep details accurate as of publication time, but readers should always confirm time-sensitive items such as policy changes, budget figures, and timelines with official documents and briefings. Always validate with primary sources before action.
The Exchange Daily and the Exchange Weekly do not constitute legal, investment, procurement, security, compliance, or technical advice. Content is for informational purposes only.
The Exchange Daily and Weekly are a production of Metora Solutions LLC, a HUBZone and Service Disabled Veteran Owned Small Business. All rights reserved. Copyright Metora Solutions LLC 2026.
