Auth bypass in IBM Langflow OSS
CVE-2026-7664
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
Vulnerability class: Broken Authentication
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- IBM Langflow OSS — versions 1.0.0
Weakness classification (CWE)
References
- psirt@us.ibm.com (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2026-7664?
- CVE-2026-7664 is a critical-severity vulnerability in IBM Langflow OSS, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-06-22.
- How severe is CVE-2026-7664?
- Critical severity. CVSS v3 base score is 9.8 out of 10.