CVE-2026-7663 - Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
CVE ID :CVE-2026-7663 Published : June 30, 2026, 7:16 p.m. | 1 hour, 56 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the...