CVE-2026-7664
Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
IBM · Langflow OSSQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →