Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS
Summary
| CVE | CVE-2026-7664 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-22 16:16:41 UTC |
| Updated | 2026-06-22 17:09:39 UTC |
| Description | IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-287 | CWE-287 CWE-287 Improper Authentication
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | IBM | Langflow OSS | affected 1.0.0 1.8.4 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ibm.com/support/pages/node/7277243 | [email protected] | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Solutions
CNA: IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.9.1 https://pypi.org/project/langflow/
There are currently no legacy QID mappings associated with this CVE.