CVE-2026-7663
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.9.6 contain a vulnerability due to improper authorization enforcement in the Streamable MCP transport endpoint. This allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.
Risk Assessment
The risk includes unauthorized access to sensitive data and operations within MCP projects, potentially leading to information disclosure or workflow manipulation without proper authorization.
Recommendation
It is recommended to immediately upgrade IBM Langflow OSS to version 1.9.7 or later, which includes a fix for this vulnerability. Also review authorization configuration for MCP endpoints.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

