Loading market data...
← Back to CVE feed

CVE-2026-7663

CRITICAL CVSS 9.1 View on NVD ↗

Description

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Published: Jun 30, 2026 20:17 UTC Modified: Jul 01, 2026 13:58 UTC