How is CVE-2026-7787 exploited?

Network reachability (required): The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the Langflow OSS service via a standard network connection. Authentication (not-required): No credentials are needed; the IDOR flaw allows unauthenticated requests to access protected session history objects directly. Victim interaction (not-required): The attacker makes direct requests to the service and does not need any action from a logged-in user or victim. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environmental setup.

What is the impact of CVE-2026-7787?

An attacker reads session history records belonging to other users, including inputs, outputs, and any data passed through Langflow flows. Sensitive configuration details or secrets embedded in flow execution history become accessible without authentication. No integrity or availability impact is indicated; data cannot be modified or the service disrupted through this specific vector.

Back to search

HIGHCVE-2026-7787Published 2026-06-11Modified 2026-06-11CNA ibm

CVE-2026-7787: Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

This is an authentication bypass vulnerability in IBM Langflow OSS versions 1.0.0 through 1.9.1 that exposes session history through insecure direct object references (IDORs). An attacker reachable over the network requires no credentials to trigger the flaw, because direct object references in public flow execution endpoints are not access-controlled. Successful exploitation allows the attacker to read sensitive session data and information stored in the affected service. HarborGuard is tracking the upstream advisory for patch availability, as no fix version has been published yet.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle IBM Langflow OSS at an affected version. Any image carrying a package fingerprint for Langflow OSS 1.0.0 through 1.9.1 is flagged automatically.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 7.5 HIGH and weighting it against each customer organization's configured compliance policy to determine urgency and routing. Triage results are routed to the appropriate team inbox within each customer environment based on their policy configuration.

Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment IBM ships a corrected release. In the interim, the finding remains open and visible in each customer's vulnerability dashboard so teams can apply compensating controls.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the Langflow OSS service via a standard network connection.
AuthenticationNot required
No credentials are needed; the IDOR flaw allows unauthenticated requests to access protected session history objects directly.
Victim interactionNot required
The attacker makes direct requests to the service and does not need any action from a logged-in user or victim.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environmental setup.

Blast Radius

An attacker reads session history records belonging to other users, including inputs, outputs, and any data passed through Langflow flows.
Sensitive configuration details or secrets embedded in flow execution history become accessible without authentication.
No integrity or availability impact is indicated; data cannot be modified or the service disrupted through this specific vector.

How HarborGuard Handles This

Available on HarborGuard: images containing IBM Langflow OSS at any version between 1.0.0 and 1.9.1 are flagged as soon as a scan runs against a registry or CI pipeline stage where those images are present. Because IBM has not yet published a fix, HarborGuard monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment an upstream fix is released. For customers who opt into auto-remediation, that rebuild will trigger a regression test run and a pull request against affected workloads without manual intervention. While no patch exists, teams running affected images should consider isolating the Langflow service behind a network policy that restricts inbound access to trusted sources only, applying egress filtering to limit what session data can be exfiltrated, and auditing any public-facing flow execution endpoints for exposure.

See how HarborGuard automates this

Affected packages

IBM / Langflow OSS
≤ 1.9.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ibm.com

Metrics

Get notified