CVE-2026-7787— Unauthenticated Session History Access via Public Flow Execution
Possible ATT&CK Techniques 1AI
T1550 · Use Alternate Authentication MaterialAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Langflow OSS | 1.0.0≤ 1.9.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7787
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Session History Access via Public Flow Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Langflow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Langflow是美国国际商业机器(IBM)公司的一个可视化流程编排工具。 IBM Langflow OSS 1.0.0版本至1.9.1版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致经过身份验证的用户绕过身份验证读取或修改敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | Langflow OSS | 1.0.0 ~ 1.9.1 | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-7787
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7787
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-7787 (1)
Same Patch Batch · IBM · 2026-06-11 · 5 CVEs total
| CVE-2026-7870 | 8.8 HIGH | IBM i is Affected by Privilege Escalation [] |
| CVE-2026-4096 | 6.5 MEDIUM | A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection |
| CVE-2026-3341 | 5.4 MEDIUM | IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access |
| CVE-2024-45636 | 4.1 MEDIUM | IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored |
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-4870
Qiskit SDK is vulnerable to specific functions may recurse t - CVE-2024-45636
IBM Security QRadar EDR Software has a vulnerability where u - CVE-2026-3341
IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SS - CVE-2026-4096
A vulnerability has been identified in IBM DevOps Plan that - CVE-2026-7870
IBM i is Affected by Privilege Escalation []
Same weakness: CWE-639
- CVE-2026-54105
U.S. GAO EPDS and CBCA EDS user information disclosure - CVE-2026-12102
UsersWP <= 1.2.63 - Insecure Direct Object Reference to Auth - CVE-2026-10623
PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference - CVE-2026-10023
Dokan: AI Powered WooCommerce Multivendor Marketplace Soluti - CVE-2026-48759
TypeBot: Cross-Workspace Theme Template IDOR (Modification a
V. Comments for CVE-2026-7787
No comments yet