CVE-2026-7787

Vulnerability

A session ID namespace bypass vulnerability exists in IBM Langflow OSS versions 1.0.0 through 1.9.1. The endpoint POST /api/v1/build_public_tmp/{flow_id}/flow accepts an inputs.session parameter that overrides the session ID used during flow execution. When a public flow contains a Memory (Message History) component with an empty session_id field, the component uses the caller-supplied session ID without proper isolation [1]. This allows an unauthenticated attacker to retrieve chat history from other users' sessions by providing arbitrary session IDs.

Exploitation

An unauthenticated attacker can call the public endpoint with a target session ID. Since the default session_id for authenticated runs equals the flow UUID (visible in URLs), the attacker can discover or guess the flow UUID. By including this session ID in the inputs.session parameter, the attacker retrieves stored chat history without any authentication or user interaction [1].

Impact

Successful exploitation enables an unauthenticated attacker to read chat history from arbitrary sessions, leading to disclosure of sensitive information. The CVSS v3 score is 7.5 (High) with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, reflecting no required privileges, no user interaction, and high confidentiality impact [1].

Mitigation

As of the publication date (2026-06-11), no workarounds or mitigations have been provided by IBM. The advisory states "None" for workarounds and mitigations [1]. No fixed version has been released. Users should monitor the IBM support page and Langflow OSS project for updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.