IBM Langflow OSS contains a critical flaw that lets unauthenticated attackers reach protected MCP project resources and run MCP operations through the Streamable MCP transport endpoint.
What Is It
CVE-2026-7664 is an improper authorization vulnerability (CWE-285) in IBM Langflow OSS. Because authorization is not properly enforced on the Streamable MCP transport endpoint, an unauthenticated remote attacker can access protected MCP project resources and execute MCP operations. It carries a CVSS 3.1 base score of 9.8 (CRITICAL), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning the attack is network-reachable, low-complexity, requires no privileges or user interaction, and fully compromises confidentiality, integrity, and availability.
Why It Matters
The combination of no authentication, network reach, and full impact makes this a top-priority issue. An attacker who can reach an exposed Langflow instance can interact with MCP project resources they should never have access to and invoke operations against them, without credentials. Neither source cited below lists a CISA KEV entry or confirms active exploitation; however, the 9.8 severity and trivial exploitability warrant urgent remediation regardless.
What's Vulnerable
- Product: IBM Langflow OSS
- Affected versions: 1.0.0 through 1.8.4 (inclusive)
- Vulnerable component: the Streamable MCP transport endpoint, where authorization enforcement is improperly applied
The NVD record was published 2026-06-22 and is currently listed as "Undergoing Analysis," with IBM PSIRT as the source identifier.
Patch Status
IBM has published a support advisory for this vulnerability (node 7277243). Administrators running affected versions (1.0.0–1.8.4) should consult the IBM advisory below for the fixed release and required remediation, and prioritize updating exposed instances given the unauthenticated, network-facing nature of the flaw.
Sources
- IBM Support Advisory: https://www.ibm.com/support/pages/node/7277243
- NVD, CVE-2026-7664: https://nvd.nist.gov/vuln/detail/CVE-2026-7664