CVE-2026-7663

Source
https://cve.org/CVERecord?id=CVE-2026-7663
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7663.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7663
Published
2026-06-30T20:17:31.280Z
Modified
2026-07-15T06:10:13.723016Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

References

Affected packages

Git / github.com/langflow-ai/langflow

Affected ranges

Type
GIT
Repo
https://github.com/langflow-ai/langflow
Events
Database specific
{
    "cpe": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.10.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7663.json"