CVE-2026-7664 in Langflow OSS

Summary

by MITRE • 06/22/2026

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.


Analysis

by VulDB Data Team • 06/22/2026

This vulnerability affects IBM Langflow Open Source Software versions 1.0.0 through 1.8.4 and is an authorization bypass in the Streamable MCP transport endpoint. The endpoint serves protected MCP project resources without properly verifying that the caller is authenticated and authorized, so an unauthenticated attacker who can reach it can read those resources and execute MCP operations against the affected project.

The flaw is an access-control defect, not an input-handling one: when a request arrives over the Streamable MCP transport, the server does not establish the caller's identity and permissions before granting access to project resources. The authorization check that should gate this transport at the application layer is either missing or not enforced, which is the classic shape of an improper-authorization bug: one path to a protected resource on which the check is not applied, while the resource itself assumes every path has applied it.
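The pattern described above, as an added example that is not Langflow's code: two toy transport handlers reach the same project resource, one applying the authorization check and one omitting it, followed by the hardened shape where the check moves into the resource accessor so no transport can skip it. The request model, token table, project table and handler names are all hypothetical; the sweep at the end drives every registered handler with an anonymous request, which is the regression test a practitioner would want after patching.

```python
"""Authorization enforced per-route versus at the resource layer.

Constructed example, not Langflow's code: toy handlers stand in for two MCP
transport routes of a hypothetical project API.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, dict]


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


# Hypothetical credential and ownership tables.
VALID_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
PROJECT_OWNERS = {"proj-1": "alice"}


def current_user(req: Request) -> Optional[str]:
    """Resolve a bearer token to a user name, or None if unauthenticated."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return VALID_TOKENS.get(auth[len("Bearer "):])


def load_project_unchecked(project_id: str) -> Optional[dict]:
    """Raw lookup with no authorization: every caller must add its own check."""
    if project_id not in PROJECT_OWNERS:
        return None
    return {"id": project_id, "owner": PROJECT_OWNERS[project_id]}


# --- Vulnerable shape -------------------------------------------------------
# The first route applies the check; the streamable route reaches the same
# project resource but omits it, so an anonymous client receives a 200.

def sse_handler(req: Request, project_id: str) -> Response:
    user = current_user(req)
    if user is None:
        return 401, {"detail": "Not authenticated"}
    project = load_project_unchecked(project_id)
    if project is None:
        return 404, {"detail": "Project not found"}
    if project["owner"] != user:
        return 403, {"detail": "Forbidden"}
    return 200, {"transport": "sse", "project": project["id"]}


def streamable_handler_vulnerable(req: Request, project_id: str) -> Response:
    project = load_project_unchecked(project_id)  # no identity check at all
    if project is None:
        return 404, {"detail": "Project not found"}
    return 200, {"transport": "streamable", "project": project["id"]}


# --- Hardened shape ---------------------------------------------------------
# Authorization lives in the accessor, so a transport cannot forget it.

class AuthzError(Exception):
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status, self.detail = status, detail


def load_project_for(req: Request, project_id: str) -> dict:
    """Authenticate, then look up, then authorize; anonymous callers learn nothing."""
    user = current_user(req)
    if user is None:
        raise AuthzError(401, "Not authenticated")
    project = load_project_unchecked(project_id)
    if project is None:
        raise AuthzError(404, "Project not found")
    if project["owner"] != user:
        raise AuthzError(403, "Forbidden")
    return project


def streamable_handler_fixed(req: Request, project_id: str) -> Response:
    try:
        project = load_project_for(req, project_id)
    except AuthzError as e:
        return e.status, {"detail": e.detail}
    return 200, {"transport": "streamable", "project": project["id"]}


# --- Endpoint sweep ---------------------------------------------------------

def find_unauthenticated_endpoints(
    handlers: Dict[str, Callable[[Request, str], Response]],
    project_id: str = "proj-1",
) -> List[str]:
    """Names of handlers that answer 2xx to a request carrying no credentials."""
    anon = Request(path=f"/mcp/{project_id}")
    return sorted(name for name, h in handlers.items()
                  if 200 <= h(anon, project_id)[0] < 300)


VULNERABLE_ROUTES = {"sse": sse_handler, "streamable": streamable_handler_vulnerable}
FIXED_ROUTES = {"sse": sse_handler, "streamable": streamable_handler_fixed}

if __name__ == "__main__":
    print("anonymous 2xx before fix:", find_unauthenticated_endpoints(VULNERABLE_ROUTES))
    print("anonymous 2xx after fix: ", find_unauthenticated_endpoints(FIXED_ROUTES))
```

The sweep is the useful part: it does not care how many transports exist or which one was fixed, it only asks whether any registered route still serves a protected resource to an anonymous caller.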

Operationally, the impact is direct: the attacker needs no credentials to reach MCP project resources and run MCP operations in the Langflow environment. Depending on what a project exposes, that can mean reading sensitive data, altering project configuration, or triggering destructive operations, affecting both the confidentiality and the integrity of protected resources. The bug is most dangerous where MCP projects hold sensitive information or drive critical workflows, because it removes the authentication barrier in front of exactly those components.

The weakness is classified as CWE-285 (Improper Authorization). It is also mapped to ATT&CK technique T1078 (Valid Accounts). Organizations running affected versions should patch to a fixed release as soon as IBM provides one, place an authenticating reverse proxy or API gateway in front of the Langflow instance as an interim control, and review the access controls of all transport endpoints. Network segmentation that keeps the MCP endpoints off untrusted networks, together with monitoring of requests to the Streamable MCP transport endpoint, helps detect and block unauthorized access attempts.

Remediation starts with deploying IBM's fix for the authorization enforcement flaw in the Streamable MCP transport endpoint. Compensating controls worth keeping afterwards include an API gateway that enforces authentication before traffic reaches Langflow, rate limiting on transport endpoints, and logging of every access attempt so that unauthenticated requests to the endpoint are visible. Security teams should also test whether other transport endpoints accept requests without credentials, and fold authorization checks into regular penetration testing and access-control reviews of the Langflow deployment.
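Two of the triage steps from the mitigation paragraphs above, as an added example that is neither VulDB's nor Langflow's code: an affected-version check that encodes only the range the advisory states (1.0.0 through 1.8.4), and a sweep over access logs that flags 2xx responses to the Streamable MCP endpoint from requests that carried no credential. The JSON log schema, its field names (`path`, `status`, `authorization`, `x_api_key`, `src`) and the endpoint path shape matched by the regular expression are assumptions for illustration; adapt them to the log format your proxy or Langflow deployment actually emits. The sample log lines are constructed.

```python
"""Triage helpers for CVE-2026-7664: affected-version check and a log sweep.

Added example, not VulDB's or Langflow's code. Log schema, field names and
endpoint path pattern are assumed; the version range comes from the advisory.
"""
import json
import re
from typing import Iterable, List, Tuple

# Range stated in the advisory. Versions above 1.8.4 are simply not listed as
# affected here; confirm the actual fixed release against IBM's bulletin.
AFFECTED_MIN = (1, 0, 0)
AFFECTED_MAX = (1, 8, 4)


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating a leading 'v' and a pre-release
    suffix such as '1.8.4rc1' (treated as 1.8.4, i.e. conservatively)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return int(m[1]), int(m[2]), int(m[3])


def is_affected(version: str) -> bool:
    """True if the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


# Assumed path shape for the Streamable MCP transport; adjust to your routes.
STREAMABLE_PATH = re.compile(r"/mcp/.*/streamable\b")


def unauthenticated_streamable_hits(lines: Iterable[str]) -> List[dict]:
    """Return records that reached the streamable MCP endpoint with no
    credential on the request and still received a 2xx response."""
    hits: List[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise rather than abort the sweep
        if not STREAMABLE_PATH.search(str(rec.get("path", ""))):
            continue
        try:
            status = int(rec.get("status", 0))
        except (TypeError, ValueError):
            continue
        if not 200 <= status < 300:
            continue
        # Assumed schema: the proxy records the Authorization header and the
        # API-key header (redacted) under these two fields.
        has_cred = bool(rec.get("authorization")) or bool(rec.get("x_api_key"))
        if not has_cred:
            hits.append(rec)
    return hits


# Constructed sample log: one anonymous 2xx hit, one authenticated hit, one
# rejected anonymous request, one unrelated path, one malformed line.
SAMPLE_LOG = """\
{"ts":"2026-06-23T10:01:02Z","src":"203.0.113.5","method":"POST","path":"/api/v1/mcp/project/proj-1/streamable","status":200,"authorization":""}
{"ts":"2026-06-23T10:01:05Z","src":"198.51.100.7","method":"POST","path":"/api/v1/mcp/project/proj-1/streamable","status":200,"authorization":"Bearer REDACTED"}
{"ts":"2026-06-23T10:01:09Z","src":"203.0.113.5","method":"GET","path":"/api/v1/flows/","status":401,"authorization":""}
{"ts":"2026-06-23T10:01:12Z","src":"203.0.113.9","method":"POST","path":"/api/v1/mcp/project/proj-2/streamable","status":401,"authorization":""}
not a json line
{"ts":"2026-06-23T10:01:15Z","src":"203.0.113.9","method":"POST","path":"/api/v1/mcp/project/proj-2/streamable","status":200,"x_api_key":"REDACTED"}
"""

if __name__ == "__main__":
    for v in ("1.0.0", "1.8.4", "1.8.5"):
        print(v, "affected" if is_affected(v) else "not in affected range")
    for rec in unauthenticated_streamable_hits(SAMPLE_LOG.splitlines()):
        print("anonymous 2xx on streamable endpoint from", rec["src"], "at", rec["ts"])
```

Before the patch is applied, any hit from this sweep is a candidate exploitation event and the source address deserves a closer look; after the patch, the same query should return nothing, which makes it a cheap check that the fix is actually in effect on every instance.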

The case illustrates why authorization must be enforced consistently when a protected resource is reachable over more than one transport: a check that lives in one route rather than at the resource itself is easily missed when another route is added. Catching such gaps before release requires code review aimed specifically at access-control enforcement, automated scanning, and monitoring of application endpoints for unauthenticated access patterns that would indicate exploitation of this or similar bypasses.

Responsible

IBM

Reservation

05/01/2026

Disclosure

06/22/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

medium
