43 matches found
CVE-2026-13534
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13534
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
EUVD-2026-40031
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13524
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...
CVE-2026-13524
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...
CVE-2026-13524 CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...
CVE-2026-13524
The CVE-2026-13524 entry concerns CherryHQ cherry-studio up to 1.9.6. Affected component: MCP OAuth Local Callback Server, specifically the source file src/main/services/mcp/oauth/callback.ts. The vulnerability is caused by manipulation of the argument code, leading to improper authorization. The...
PT-2026-53194
Name of the Vulnerable Software and Affected Versions CherryHQ cherry-studio versions prior to 1.9.7 Description Improper authorization exists in the MCP OAuth Local Callback Server component within the src/main/services/mcp/oauth/callback.ts file. A remote attacker can manipulate the code argume...
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
PT-2025-49418
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-61929
Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...
CVE-2025-61929
Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...
CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute
Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...
EUVD-2025-33778
Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...
CVE-2025-61929
Cherry Studio is affected by a code-injection vulnerability where the cherrystudio://mcp protocol handler parses base64-encoded configuration data and directly executes the contained command. Affected component paths include src/main/services/ProtocolClient.ts and src/main/services/urlschema/mcp-...
CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute
Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...
PT-2025-41600
Name of the Vulnerable Software and Affected Versions Cherry Studio versions 1.7.0-alpha.4 and earlier Description Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encode...
EUVD-2025-24562
Malicious code in bioql PyPI...