CVE-2026-7664
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.8.4 contain a vulnerability due to improper authorization enforcement in the Streamable MCP transport endpoint. This allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.
Risk Assessment
The risk for the organization includes unauthorized access to sensitive MCP project data and the ability to perform unwanted operations, potentially leading to confidentiality and integrity breaches.
Recommendation
It is recommended to immediately upgrade IBM Langflow OSS to version 1.8.5 or later, which includes a fix for this vulnerability. Until the update is applied, restrict access to the Streamable MCP endpoint to trusted networks only.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

