CVE-2026-7663
IBM · Langflow OSS
An improper authorization vulnerability in the IBM Langflow OSS Streamable MCP transport endpoint allows unauthenticated attackers to access and execute MCP operations.
Executive summary
IBM Langflow OSS is affected by a critical authorization bypass vulnerability that enables unauthenticated remote attackers to execute arbitrary MCP project operations.
Vulnerability
The flaw resides in the Streamable MCP transport endpoint, which fails to enforce proper authorization checks. This allows unauthenticated users to interact with and execute operations on protected MCP project resources.
Business impact
With a CVSS score of 9.1, this vulnerability presents an extreme risk to the integrity and confidentiality of projects managed within Langflow OSS. Unauthorized execution of MCP operations could lead to data manipulation, loss of intellectual property, or the potential for further system compromise via injected workflows.
Remediation
Immediate Action: Update IBM Langflow OSS to the latest available version to remediate the authorization enforcement flaw.
Proactive Monitoring: Monitor network traffic and application logs for unauthorized access attempts or suspicious calls to the Streamable MCP transport endpoint.
Compensating Controls: Restrict network access to the Langflow instance via IP whitelisting or VPN-only access to prevent reachability by unauthenticated external actors.
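One way to act on the monitoring and compensating-control recommendations above, as an added example that is not Langflow's or the advisory's own code: a small Python scanner over constructed access-log lines that flags calls to the Streamable MCP transport endpoint made without credentials or from outside an allowlisted network. The endpoint path prefix (`MCP_ENDPOINT_PREFIX`), the log line format, the `auth=yes|no` field and the sample lines are all assumptions; take the real endpoint path and log format from your own Langflow deployment.

```python
"""Flag requests to the Langflow Streamable MCP transport endpoint that arrive
without credentials or from outside an allowlisted network.

Added example (not Langflow's own code, not from the advisory). Assumptions:
  - MCP_ENDPOINT_PREFIX is a placeholder; substitute the real path prefix of the
    Streamable MCP transport endpoint in your deployment.
  - Log lines follow a constructed format:
        <client_ip> - [<timestamp>] "<METHOD> <path>" <status> auth=yes|no
    where auth=yes means an Authorization header / API key was present.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Placeholder (assumption): the real Streamable MCP endpoint prefix is deployment-specific.
MCP_ENDPOINT_PREFIX = "/mcp-streamable-PLACEHOLDER/"

# Networks from which Langflow traffic is expected (assumption; adjust to your allowlist).
DEFAULT_ALLOWED_NETWORKS = ("10.0.0.0/8",)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) auth=(?P<auth>yes|no)$'
)


@dataclass
class Finding:
    ts: str
    ip: str
    method: str
    path: str
    status: int
    reasons: Tuple[str, ...]


def analyze(lines: Iterable[str],
            endpoint_prefix: str = MCP_ENDPOINT_PREFIX,
            allowed_networks: Iterable[str] = DEFAULT_ALLOWED_NETWORKS) -> List[Finding]:
    """Return one Finding per MCP-endpoint request that looks unauthorized.

    A successful (2xx) request with no credentials is the strongest signal that
    the authorization bypass was actually exercised; a rejected one is still an
    attempt worth recording. Requests from outside the allowlist are flagged
    regardless of credentials, since the compensating control expects none.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip here; in production count and alert on these too
        if not m["path"].startswith(endpoint_prefix):
            continue  # only the MCP transport endpoint is in scope
        status = int(m["status"])
        reasons = []
        if m["auth"] == "no" and 200 <= status < 300:
            reasons.append("unauthenticated request succeeded")
        elif m["auth"] == "no":
            reasons.append("unauthenticated request attempted")
        src = ipaddress.ip_address(m["ip"])
        if not any(src in n for n in nets):
            reasons.append("source outside allowlisted networks")
        if reasons:
            findings.append(Finding(m["ts"], m["ip"], m["method"], m["path"], status, tuple(reasons)))
    return findings


# Constructed sample log (not real traffic): one benign internal call, one external
# unauthenticated call that succeeded, one unrelated request, one internal
# unauthenticated call that was rejected.
SAMPLE_LOG = [
    '10.0.0.5 - [2026-01-01T00:00:01Z] "POST /mcp-streamable-PLACEHOLDER/project/p1" 200 auth=yes',
    '203.0.113.7 - [2026-01-01T00:00:02Z] "POST /mcp-streamable-PLACEHOLDER/project/p1" 200 auth=no',
    '203.0.113.7 - [2026-01-01T00:00:03Z] "GET /api/v1/flows" 401 auth=no',
    '10.0.0.9 - [2026-01-01T00:00:04Z] "POST /mcp-streamable-PLACEHOLDER/project/p2" 401 auth=no',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.method} {f.path} {f.status}: {'; '.join(f.reasons)}")
```

The check that matters most is the first one: a 2xx response to a request carrying no credentials on this endpoint means authorization was not enforced, which is exactly the condition the patched version is meant to close. Run the scanner over historical logs from before the update as well, since the absence of a public exploit does not rule out prior probing.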
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability is highly critical because sensitive operations require no authentication. Organizations using Langflow OSS must treat this as a top-priority remediation task and ensure the software is patched to a version that correctly enforces authorization logic.