AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-7787: IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypass

highvulnerability

security

Source: NVD/CVE DatabaseJune 11, 2026CVE-2026-7787

Summary

IBM Langflow OSS versions 1.0.0 through 1.9.1 have a security flaw where authenticated users (those already logged in) can bypass proper access controls using insecure direct object references (IDOR, where an attacker can access other users' data by guessing or modifying object identifiers in requests), allowing them to read or modify sensitive information they shouldn't have access to.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

none

Disclosure Date

June 11, 2026

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-639

Affected Vendors

LangChain

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Same vendorNVD/CVE Database

critical

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

Same vendor

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7787

First tracked: June 12, 2026 at 08:08 AM

Classified by LLM (prompt v3) · confidence: 92%