PatchSiren cyber security CVE debrief
CVE-2026-7787 IBM CVE debrief
CVE-2026-7787 is a HIGH-severity vulnerability in IBM Langflow OSS versions 1.0.0 through 1.9.1. An authenticated user could exploit this vulnerability to read or modify sensitive information by bypassing authentication using insecure direct object references. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-7787) and has a CVSS score of 7.5.
- Vendor: IBM
- Product: Langflow OSS
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of IBM Langflow OSS versions 1.0.0 through 1.9.1 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by insecure direct object references, which allow an authenticated user to bypass authentication and access sensitive information. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
HIGH
Recommended defensive actions
- Users should update to a patched version of IBM Langflow OSS as soon as possible.
- In the meantime, users can consider implementing additional authentication and authorization measures to mitigate the vulnerability.
Evidence notes
The CVE record [cve-org] provides additional information about the vulnerability, including its CVSS score and vector. The NVD detail [nvd] also provides information about the vulnerability, including its description and references. The source reference [ref-4] provides additional information from IBM about the vulnerability.
Official resources
- CVE-2026-7787 CVE record (CVE.org)
- CVE-2026-7787 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-7787 was published on 2026-06-11T16:16:25.090Z and modified on 2026-06-11T20:56:29.653Z.