{"vulnerability": "cve-2026-7664", "sightings": [{"uuid": "f9ab4b6f-38fb-4b0f-8279-a3ccb748b2be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116794708120532850", "content": "CVE-2026-7664 (CRITICAL, CVSS 9.8): IBM Langflow OSS 1.0.0 \u2013 1.8.4 has an improper auth flaw in MCP endpoint, allowing unauthenticated access to protected resources. Patch status unknown \u2014 monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #CVE #IBM #infosec", "creation_timestamp": "2026-06-22T16:30:16.419010Z"}, {"uuid": "1addfdf0-cc28-4963-80b2-d33047de1be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7664", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3movco74w352g", "content": "CVE-2026-7664 in IBM Langflow OSS (1.0.0 \u2013 1.8.4) is CRITICAL \u2014 improper authentication lets attackers access and control MCP project resources. Check IBM advisories for patches. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-7664-cwe-287-improper-authentication-in-i-c216bd5b6f57089f #OffSeq #Vuln #IBM", "creation_timestamp": "2026-06-22T16:30:17.827849Z"}, {"uuid": "870e1ffc-7578-481c-8c6e-9f09f16a349b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movm563w5c27", "content": "CVE-2026-7664 - Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS\nCVE ID : CVE-2026-7664\n \n Published : June 22, 2026, 2:10 p.m. | 4\u00a0hours, 59\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access pr...", "creation_timestamp": "2026-06-22T19:19:43.024087Z"}, {"uuid": "ef11257c-9ce8-428b-b4ac-2f1d495e09a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7664", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfaw4bs2y", "content": "\ud83d\udea8  ALERT: CVE-2026-7664\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nIBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\n\n\ud83c\udfaf WHO'S AFFECTED:\n ", "creation_timestamp": "2026-06-22T23:16:52.844279Z"}]}