{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-7663: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-7663","status":"final","version":"1","initial_release_date":"2026-06-30T19:16:25.323Z","current_release_date":"2026-06-30T20:09:14.799Z","revision_history":[{"date":"2026-06-30T19:16:25.323Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-7663 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-7663"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-7663"},{"category":"external","summary":"ibm.com","url":"https://www.ibm.com/support/pages/node/7277570"}]},"product_tree":{"branches":[{"category":"vendor","name":"IBM","branches":[{"category":"product_name","name":"Langflow OSS","branches":[{"category":"product_version_range","name":">=1.0.0 <=1.9.6","product":{"name":"IBM Langflow OSS >=1.0.0 <=1.9.6","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:ibm:langflow_oss:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-7663","title":"Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass","notes":[{"category":"description","text":"IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}