CVE-2026-7664
IBM · Langflow OSS
IBM Langflow OSS suffers from improper authorization enforcement in the Streamable MCP transport endpoint, enabling unauthenticated access to protected project resources and operations.
Executive summary
IBM Langflow OSS contains a critical authorization flaw that allows unauthenticated attackers to manipulate protected project resources and execute unauthorized operations.
Vulnerability
The vulnerability exists within the Streamable MCP transport endpoint, which fails to properly enforce authorization checks. This allows an unauthenticated attacker to interact with protected MCP projects and perform unauthorized actions.
Business impact
With a CVSS score of 9.8, this vulnerability carries a high risk of unauthorized data access and manipulation. Exploitation could lead to the exposure of sensitive proprietary project data or the malicious modification of operational workflows, resulting in significant business disruption and potential loss of intellectual property.
Remediation
Immediate Action: Update IBM Langflow OSS to the latest version as recommended by the vendor to enforce proper authorization controls.
Proactive Monitoring: Review access logs for unusual patterns of interaction with the MCP transport endpoint or unauthorized attempts to access project-specific resources.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block suspicious requests directed at the MCP transport endpoint.
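As an added example of the log review recommended above (not code from IBM or the Langflow project): a Python scan over constructed access-log lines that flags requests to the MCP transport endpoint that carried no credentials yet received a 2xx response, the pattern a defender would expect if this authorization gap were exercised, while a 401/403 on the same request shows the control held. The endpoint path and the JSON-per-line log format are assumptions, not values taken from the advisory.

```python
import json
from urllib.parse import urlsplit

# Assumed path of the Streamable MCP transport endpoint; the advisory does not
# name it, so this is a placeholder to be replaced with your deployment's route.
MCP_PATH_PREFIX = "/api/v1/mcp"

# Constructed sample lines in an assumed JSON-per-line reverse-proxy access log
# format: "has_auth" records whether an Authorization header or API key
# accompanied the request.
SAMPLE_LOG = """\
{"ts":"2026-01-10T09:00:01Z","src":"10.0.0.5","method":"POST","path":"/api/v1/mcp/project/abc123","status":200,"has_auth":true}
{"ts":"2026-01-10T09:00:02Z","src":"203.0.113.7","method":"POST","path":"/api/v1/mcp/project/abc123","status":200,"has_auth":false}
{"ts":"2026-01-10T09:00:03Z","src":"203.0.113.7","method":"GET","path":"/api/v1/mcp/project/abc123/sse","status":401,"has_auth":false}
{"ts":"2026-01-10T09:00:04Z","src":"198.51.100.9","method":"GET","path":"/api/v1/flows/","status":200,"has_auth":false}
"""

def find_unauthenticated_mcp_hits(log_text: str, prefix: str = MCP_PATH_PREFIX) -> list[dict]:
    """Return records that reached the MCP transport endpoint without credentials
    and still succeeded (2xx). A 401/403 means the authorization check held;
    a 2xx is the signature of the bypass this advisory describes."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        path = urlsplit(rec.get("path", "")).path
        if not path.startswith(prefix):
            continue  # not the MCP transport endpoint
        if rec.get("has_auth"):
            continue  # credentials were presented; normal traffic
        if 200 <= int(rec.get("status", 0)) < 300:
            hits.append(rec)
    return hits

def summarize_by_source(hits: list[dict]) -> dict[str, int]:
    """Count bypass hits per source address to surface the noisiest clients."""
    counts: dict[str, int] = {}
    for rec in hits:
        counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return counts

if __name__ == "__main__":
    found = find_unauthenticated_mcp_hits(SAMPLE_LOG)
    for rec in found:
        print(f"{rec['ts']} {rec['src']} {rec['method']} {rec['path']} -> {rec['status']} (no credentials)")
    print(summarize_by_source(found))
```

On the constructed sample only the second line is flagged: the first carried credentials, the third was correctly refused with 401, and the fourth is outside the MCP endpoint.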
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability presents a severe risk to project integrity and data security. Administrators must apply the vendor-provided patch immediately to ensure that authorization mechanisms are correctly enforced and that unauthorized access is blocked.