CVE-2026-7663: IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and
Summary
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.6 has a security flaw where attackers without login credentials can access protected project resources and perform operations through the Streamable MCP (model context protocol, a system for AI tools to communicate) transport endpoint because the software fails to properly check user permissions. This vulnerability affects the authorization layer, meaning the system doesn't adequately verify who is allowed to do what.
Vulnerability Details
9.1(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
network
low
none
none
June 30, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7663
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%