Lucene search
K

5 matches found

CVE
CVE
added 2026/06/29 4:15 a.m.20 views

CVE-2026-13534

CherryHQ cherry-studio (up to v1.9.7) contains a memory-access issue in the CherryIN Preload API component: MemoryService.ts sha256 function. According to the CVE entry, manipulating the argument state can bypass authorization, and the attack can be initiated remotely with high complexity; exploi...

5CVSS5.4AI score0.00199EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/10 7:50 p.m.10 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS0.00439EPSS
Exploits1References1
CVE
CVE
added 2025/10/10 7:50 p.m.39 views

CVE-2025-61929

Cherry Studio is affected by a code-injection vulnerability where the cherrystudio://mcp protocol handler parses base64-encoded configuration data and directly executes the contained command. Affected component paths include src/main/services/ProtocolClient.ts and src/main/services/urlschema/mcp-...

9.6CVSS6.6AI score0.00439EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.4 views

Cherry Studio 代码注入漏洞

Cherry Studio is a multi-model AI assistant from China's Thousand Comets Cherry Studio. A code injection vulnerability exists in Cherry Studio, which stems from the direct execution of commands in base64-encoded configuration data when processing URLs of type cherrystudio://mcp, which could lead ...

9.6CVSS7.7AI score0.00439EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.4 views

PT-2025-41600

Name of the Vulnerable Software and Affected Versions Cherry Studio versions 1.7.0-alpha.4 and earlier Description Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encode...

9.6CVSS7AI score0.00439EPSS
Exploits1References12
Rows per page
Query Builder