IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
PUBLISHED | 5.2 | Application | CWE-287
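Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS (record title; the description in this record attributes the issue to the Streamable MCP transport endpoint, so confirm the affected endpoint against the vendor advisory when triaging)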
Problem type
Affected products
IBM
Langflow OSS
1.0.0 through 1.8.4 (<= 1.8.4) - AFFECTED
References
GitHub Security Advisories
GHSA-4pf4-j777-cgmf
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected...
https://github.com/advisories/GHSA-4pf4-j777-cgmf
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7664
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7664",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-06-23T03:55:58.300Z",
"dateReserved": "2026-05-01T19:46:59.287Z",
"datePublished": "2026-06-22T14:10:25.584Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-06-22T14:10:25.584Z"
},
"title": "Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS",
"descriptions": [
{
"lang": "en",
"value": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "Langflow OSS",
"cpes": [
"cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "1.8.4"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-287 Improper Authentication",
"cweId": "CWE-287",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7277243",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
}
],
"solutions": [
{
"lang": "en",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.9.1 https://pypi.org/project/langflow/",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM strongly recommends addressing the vulnerability now by upgrading <a href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\">Langflow OSS to version 1.9.1</a></p>"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-06-23T03:55:58.300Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}