Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2605 articles · 173347 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-7663PATCHED
ibm · langflow oss

Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Description

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Affected Products

VendorProductVersions
ibmlangflow oss1.0.0

References

  • https://www.ibm.com/support/pages/node/7277570(vendor-advisory, patch)

Related News (1 articles)

Tier C
VulDB8d ago
CVE-2026-7663 | IBM Langflow OSS up to 1.9.6 Streamable MCP Transport Endpoint improper authorization
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited❌ No
Patch available
https://www.ibm.com/support/pages/node/7277570
CWECWE-285
PublishedJun 30, 2026
Trending Score16
Source articles1
Independent1
Info Completeness0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-9074
IBM API Connect SQL Injection
Trending: 41
HIGHPRE-CVE
Multiple Vulnerabilities in IBM Operational Decision Manager Allow Code Execution, Privilege Escalation, DoS, Information Disclosure, File Manipulation, and Security Bypass
Trending: 27
HIGHCVE-2026-3144
IBM API Connect Default Credentials
Trending: 25
CRITICALCVE-2026-10109
IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
Trending: 21
CRITICALCVE-2026-7803
Flow Validation Bypass via Empty Component Type Field
Trending: 16

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Patch Available
Jul 1, 2026