Description
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Solution
IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7278932 |
|
History
Fri, 17 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. | |
| Title | MCP Server Configuration Validator Bypass via File Upload API | |
| First Time appeared |
Ibm
Ibm langflow Oss |
|
| CPEs | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm langflow Oss |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-17T19:18:26.904Z
Reserved: 2026-05-04T03:09:10.217Z
Link: CVE-2026-7755
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T20:30:03Z
Weaknesses
No weakness.