https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 26 Jun 2026 21:23:55 +0000 https://vulnerability.circl.lu/sighting/f9ab4b6f-38fb-4b0f-8279-a3ccb748b2be/export {"uuid": "f9ab4b6f-38fb-4b0f-8279-a3ccb748b2be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116794708120532850", "content": "CVE-2026-7664 (CRITICAL, CVSS 9.8): IBM Langflow OSS 1.0.0 \u2013 1.8.4 has an improper auth flaw in MCP endpoint, allowing unauthenticated access to protected resources. Patch status unknown \u2014 monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #CVE #IBM #infosec", "creation_timestamp": "2026-06-22T16:30:16.419010Z"} {"uuid": "f9ab4b6f-38fb-4b0f-8279-a3ccb748b2be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116794708120532850", "content": "CVE-2026-7664 (CRITICAL, CVSS 9.8): IBM Langflow OSS 1.0.0 \u2013 1.8.4 has an improper auth flaw in MCP endpoint, allowing unauthenticated access to protected resources. Patch status unknown \u2014 monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #CVE #IBM #infosec", "creation_timestamp": "2026-06-22T16:30:16.419010Z"} https://vulnerability.circl.lu/sighting/f9ab4b6f-38fb-4b0f-8279-a3ccb748b2be/export Mon, 22 Jun 2026 16:30:16 +0000 https://vulnerability.circl.lu/sighting/1addfdf0-cc28-4963-80b2-d33047de1be4/export {"uuid": "1addfdf0-cc28-4963-80b2-d33047de1be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3movco74w352g", "content": "CVE-2026-7664 in IBM Langflow OSS (1.0.0 \u2013 1.8.4) is CRITICAL \u2014 improper authentication lets attackers access and control MCP project resources. Check IBM advisories for patches. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #Vuln #IBM", "creation_timestamp": "2026-06-22T16:30:17.827849Z"} {"uuid": "1addfdf0-cc28-4963-80b2-d33047de1be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3movco74w352g", "content": "CVE-2026-7664 in IBM Langflow OSS (1.0.0 \u2013 1.8.4) is CRITICAL \u2014 improper authentication lets attackers access and control MCP project resources. Check IBM advisories for patches. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #Vuln #IBM", "creation_timestamp": "2026-06-22T16:30:17.827849Z"} https://vulnerability.circl.lu/sighting/1addfdf0-cc28-4963-80b2-d33047de1be4/export Mon, 22 Jun 2026 16:30:17 +0000 https://vulnerability.circl.lu/sighting/870e1ffc-7578-481c-8c6e-9f09f16a349b/export {"uuid": "870e1ffc-7578-481c-8c6e-9f09f16a349b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movm563w5c27", "content": "CVE-2026-7664 - Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS\nCVE ID : CVE-2026-7664\n \n Published : June 22, 2026, 2:10 p.m. | 4\u00a0hours, 59\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access pr...", "creation_timestamp": "2026-06-22T19:19:43.024087Z"} {"uuid": "870e1ffc-7578-481c-8c6e-9f09f16a349b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movm563w5c27", "content": "CVE-2026-7664 - Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS\nCVE ID : CVE-2026-7664\n \n Published : June 22, 2026, 2:10 p.m. | 4\u00a0hours, 59\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access pr...", "creation_timestamp": "2026-06-22T19:19:43.024087Z"} https://vulnerability.circl.lu/sighting/870e1ffc-7578-481c-8c6e-9f09f16a349b/export Mon, 22 Jun 2026 19:19:43 +0000 https://vulnerability.circl.lu/sighting/ef11257c-9ce8-428b-b4ac-2f1d495e09a4/export {"uuid": "ef11257c-9ce8-428b-b4ac-2f1d495e09a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfaw4bs2y", "content": "\ud83d\udea8 ALERT: CVE-2026-7664\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nIBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\n\n\ud83c\udfaf WHO'S AFFECTED:\n ", "creation_timestamp": "2026-06-22T23:16:52.844279Z"} {"uuid": "ef11257c-9ce8-428b-b4ac-2f1d495e09a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfaw4bs2y", "content": "\ud83d\udea8 ALERT: CVE-2026-7664\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nIBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\n\n\ud83c\udfaf WHO'S AFFECTED:\n ", "creation_timestamp": "2026-06-22T23:16:52.844279Z"} https://vulnerability.circl.lu/sighting/ef11257c-9ce8-428b-b4ac-2f1d495e09a4/export Mon, 22 Jun 2026 23:16:52 +0000