CVE-2026-13524

MEDIUM

CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

References (7)

Core 7
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-374532 | CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization
https://vuldb.com/vuln/374532
Signature, Permissions Required signature permissions-required
VDB-374532 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/374532/cti
Third Party Advisory third-party-advisory
CVE-2026-13524 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13524
Third Party Advisory third-party-advisory
Submit #840175 | CherryHQ cherry-studio 1.9.6 Authorization Bypass / Login CSRF
https://vuldb.com/submit/840175

Scores

CVSS v3 5.6
EPSS 0.0026
EPSS Percentile 17.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-266 CWE-285
Status published
Products (7)
CherryHQ/cherry-studio 1.9.0
CherryHQ/cherry-studio 1.9.1
CherryHQ/cherry-studio 1.9.2
CherryHQ/cherry-studio 1.9.3
CherryHQ/cherry-studio 1.9.4
CherryHQ/cherry-studio 1.9.5
CherryHQ/cherry-studio 1.9.6
Published Jun 29, 2026
Tracked Since Jun 29, 2026