COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-7663

CVE-2026-7663

Severity
critical
Source
NVD · cve
Published
2026-06-30
CVSS
9.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-7663
shame 35/100

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Players implicated

Langflow · vendorLangflow · product

Description

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.