CVE-2026-7787 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenti… | CVSS 7.5 HIGH

Description

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

Metadata

CVE ID: CVE-2026-7787
State: PUBLISHED
Assigner: ibm
Reserved: 2026-05-04 16:07 UTC
Published: 2026-06-11 14:41 UTC
Last updated: 2026-06-11 16:08 UTC
Primary CWE: CWE-639
CWE-639 Authorization Bypass Through User-Controlled Key
Vendor / Product: IBM / Langflow OSS
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
IBM	Langflow OSS	—	1.0.0 ≤ 1.9.1

Weakness (CWE)

CWE	Source	Description
CWE-639	cna	CWE-639 Authorization Bypass Through User-Controlled Key

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

https://www.ibm.com/support/pages/node/7275453