{"data":{"id":"0931e7f3-8167-4ab9-8214-b92cc94844b4","title":"CVE-2026-7787: IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypass","summary":"IBM Langflow OSS versions 1.0.0 through 1.9.1 contain an insecure direct object reference flaw (IDOR, a weakness in which other users' data can be reached by guessing or modifying object identifiers in requests). An authenticated (already logged-in) user can use it to bypass access controls and read or modify sensitive information they should not have access to. The CVSS vector recorded with this entry (PR:N, I:N) is inconsistent with the authentication requirement and the modification impact described here, so confirm the scoring against the source advisory.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7787","publishedAt":"2026-06-11T16:16:25.090Z","cveId":"CVE-2026-7787","cweIds":["CWE-639"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow OSS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-11T16:16:25.090Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}