PT-2026-51341 · Ibm · Langflow Oss
Published
2026-06-22
·
Updated
2026-06-22
·
CVE-2026-7664
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Langflow OSS versions 1.0.0 through 1.8.4
Description
Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.
Recommendations
Update IBM Langflow OSS to a version later than 1.8.4.
Restrict access to the Streamable MCP transport endpoint to minimize the risk of exploitation.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Langflow Oss