Lucene search
K

5 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7663

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:16 p.m.46 views

CVE-2026-7663 Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.1CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:16 p.m.30 views

CVE-2026-7663

Langflow OSS 1.0.0–1.9.6 is affected by an improper authorization vulnerability in the Streamable MCP transport endpoint (/api/v1/mcp/project/{project_id}/streamable) that allows unauthenticated attackers to access protected MCP resources and perform MCP operations. IBM bulletin cites cross‑user ...

9.8CVSS5.8AI score0.00259EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53946

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...

9.8CVSS6AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 2:10 p.m.15 views

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder