U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog.
CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
CVE-2025-34291 (CVSS score of 9.4) is an origin validation error issue in Langflow, An attacker can exploit the flaw to execute arbitrary code and achieve full system compromise.
A report published by Obsidian Security back in December 2025 laid out exactly why CVE-2025-34291 is as dangerous as it sounds. The vulnerability chains three separate weaknesses together: overly permissive CORS settings, missing CSRF protection, and an endpoint that is designed to execute code, meaning an attacker does not need to find a clever bypass, they just need to reach something that was built to run code in the first place.
“The impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments,” Obsidian noted at the time.
In March 2026, Ctrl-Alt-Intel published a report documenting active exploitation of CVE-2025-34291 by MuddyWater, an Iran-nexus APT group, which used the vulnerability to gain initial access to target networks. When a nation-state actor is actively using something in real intrusions, the conversation shifts from “you should patch this” to “if you have not patched this, assume you may already have a problem.”
CVE-2026-34926 (CVSS score of 6.7) is a directory traversal flaw in on-premise Trend Micro Apex One that lets a local attacker modify server tables and inject malicious code to affected agents. Trend Micro has confirmed that CVE-2026-34926 is actively exploited in the wild.
“We observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.” reads the advisory. “This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.”
Three-row family SUVs are expected to do everything; carry passengers comfortably, handle long road trips, keep running costs manageable, and remain dependable for years. Finding one that checks every box without becoming too expensive can be difficult, especially when fuel economy starts to matter as much as space. One hybrid Toyota stands out by delivering all of those priorities in a single package.
This three-row SUV combines the practicality families need with the efficiency advantages of hybrid power. It offers spacious seating, strong everyday comfort, and the kind of long-term reliability Toyota is known for, while using significantly less fuel than many traditional V-6 rivals in the same segment.
For buyers balancing family needs with ownership costs, that combination makes a major difference. It proves that a large SUV doesn’t have to be expensive to run or stressful to own, just thoughtfully engineered around what families actually need most.
In order to give you the most up-to-date and accurate information possible, the data used to compile this article was sourced from various manufacturer websites, including the EPA, CarEdge, and J.D. Power.
You can also expect long range and ample in-cabin tech.
The 2026 Toyota Grand Highlander Hybrid is affordable and built to last
Dependability is a big priority here
If you’re looking for a family SUV that is spacious, light on gas, and will last you a long time with few issues, then the Grand Highlander Hybrid feels like a no-brainer. It is slightly pricier than some of its direct rivals, but Toyota’s experience in developing hybrid means that you can rest peacefully knowing that this three-row SUV should last you years without any problem.
2026 Toyota Grand Highlander Hybrid trims and pricing
Model
Starting MSRP
LE
$45,210
XLE
$46,380
Limited
$52,710
Nightshade Edition
$53,690
Platinum
$59,775
Compared to other hybrid three-row SUVs, the Grand Highlander is priced pretty well. While there are some more affordable options, like the Hyundai Palisade and Santa Fe, it undercuts rivals like the Kia Telluride and the Mazda CX-90. This middle of the pack pricing is about on-par for Toyota.
Of the above trims, we think that opting for the XLE gets you the best bang for your buck. It comes with all the features you’d want in a family hauler, such as a power-operated liftgate, a spattering of USB-C ports throughout the cabin, heated front seats, faux-leather upholstery, and a very comprehensive suite of driver aids.
Warranties, maintenance, and reliability
Reliability score: 82/100 (J.D. Power)
Limited warranty: 3 years or 36,000 miles
Powertrain warranty: 5 years or 60,000 miles
Complimentary maintenance: 2 years or 24,000 miles
Average ten-year maintenance costs: $6,299 (CarEdge)
Toyota offers a pretty standard warranty package to back up their reputation for reliability. While the Grand Highlander is technically a newer model, it is essentially just a long wheelbase version of the regular Highlander, meaning its mechanical components have proven themselves to be dependable.
Your first two years or scheduled maintenance visits are free with your purchase of a Grand Highlander. After that point, maintenance is reasonably affordable. CarEdge estimates that the average SUV would cost you $1,867 more to maintain over ten years than the Grand Highlander.
Mercedes may lead luxury, but this Lexus SUV delivers the same upscale feel with way less ownership stress.
There is plenty of space in all three rows of the Grand Highlander Hybrid
Its cabin is simple but exceptionally practical
While the cabins of Toyota’s vehicles are usually a little pedestrian, there is something to be said about how versatile they are, as well as how easy they are to live with. The Grand Highlander definitely follows this trend. While it lacks the flair that some of its rivals offer, it delivers three rows of spacious seating, tons of modern tech, and loads of storage space.
The cabin layout of the Grand Highlander is very neat. Everything is easy to find and there are a ton of storage compartments scattered throughout. Its design won’t blow you away, but you’ll be pleased with just how intuitive all the controls are. The most affordable trims focus on the essentials, but top trims can come with some pretty plush features, including genuine leather upholstery, heated and ventilated front seats, and captain’s chairs in the second row.
Material
Oxford
Organizer Dimensions
21″L x 14.6″W x 10.3″H
Special Feature
Foldable
This 13.5-gallon trunk organizer features compartments to organize and store groceries, sports equipment, emergency supplies, and other daily essentials.
Infotainment and technology
Every Grand Highlander comes equipped with a 12.3-inch infotainment screen mounted to the top of the dashboard. Lower trim levels come with a hybrid gauge cluster that includes a seven-inch display in the middle, but from the Limited up you get a fully digital 12.3-inch unit instead.
As we already mentioned, there are a number of USB-C ports throughout the cabin, so that the whole family can charge their devices. A wireless charging pad is also included. Three-zone automatic climate control and wireless smartphone mirroring are standard on every trim level. Top trims also offer some better tech, including a heads-up display and an 11-speaker JBL sound system.
Hauling the family doesn’t have to mean spending a ton on gas
The Grand Highlander hybrid is impressively thrifty
Credit: Toyota
Toyota’s ideology of function over form definitely translates into how they tune the performance of their cars. The Grand Highlander Hybrid may not be the most interesting SUV from behind the wheel, but its fuel-sipping powertrain and plush ride means that it will save you money in the long run and keep the family happy.
Grand Highlander Hybrid performance and efficiency
Model
Hybrid
Hybrid MAX
Engine
2.5-liter naturally aspirated inline-four
2.4-liter turbocharged inline-four
Transmission
CVT
6-speed automatic
Horsepower
245 HP
362 HP
Torque
288 LB-FT
400 LB-FT
Driveline
FWD or AWD
AWD
0-60 MPH
7.8 seconds
5.6 seconds
The Grand Highlander Hybrid comes in two different forms. Most models feature a naturally aspirated inline-four under the hood. The Platinum comes exclusively with the Hybrid MAX setup, though, with the Limited offering a choice of either. The standard hybrid powertrain better suits the Grand Highlander in our mind, with the Hybrid MAX’s quick acceleration clashing with the SUV’s laid-back personality, especially because it takes it toll when it comes to efficiency.
As is the case with a lot of Toyota’s mainstream models, the Grand Highlander lacks excitement, even accounting for the Hybrid MAX’s quick acceleration. Steering is exceptionally light and vague, and the suspension is clearly set up for comfort. This isn’t a bad thing in our eyes, though, as the mission of the Japanese SUV is to get your family from A to B. This is where its comfortable ride quality really shines through.
Fuel economy
Model
City
Highway
Combined
Hybrid FWD
37 MPG
34 MPG
36 MPG
Hybrid AWD
36 MPG
32 MPG
34 MPG
Hybrid MAX AWD
26 MPG
27 MPG
27 MPG
There are few SUVs as well-suited to family life
Toyota skips the flash and the gimmicks that a lot of other brands have leaned into in the last couple of years. They focus instead on proven technology and long-term dependability. If you’re buying a family vehicle, that should be high up on your list of priorities. Any parent will tell you that they’d take simple functionality over anything, which is what makes the Grand Highlander Hybrid such a solid choice in this segment.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
May 22, 2026
