Lucene search
K

6 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS0.00264EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40021

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS5.3AI score0.00264EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References7Affected Software1
CVE
CVE
added 4 days ago12 views

CVE-2026-13524

The CVE-2026-13524 entry concerns CherryHQ cherry-studio up to 1.9.6. Affected component: MCP OAuth Local Callback Server, specifically the source file src/main/services/mcp/oauth/callback.ts. The vulnerability is caused by manipulation of the argument code, leading to improper authorization. The...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/12 3:34 p.m.9 views

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

6.5CVSS5.9AI score0.00219EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-111632

Malicious code in local-callback-miranda-venus npm...

6.6AI score
Exploits0
Rows per page
Query Builder