IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NLangflow
APPLangflow1.0.0 – 1.10.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
References
Related vulnerabilities
CVE-2026-33017CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Langflow: nieuwierzytelniony RCE przez endpoint budowania publicznych przepływów
CVE-2025-34291CRITICAL9.4⚠ KEVPL ✓ten sam produkt
Langflow: przejęcie konta i RCE przez błędną konfigurację CORS
CVE-2025-3248CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Nieuwierzytelnione RCE w Langflow poprzez wstrzyknięcie kodu w endpoint /api/v1/validate/code
CVE-2026-10140CRITICAL9.6ten sam produkt
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of ...
CVE-2026-10134CRITICAL10.0ten sam produkt
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process...