2 matches found
CVE-2026-13524
creationtimestamp| type| source ---|---|--- 2026-06-29 04:16:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpfmwify2t2o...
CVE-2026-13524 CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...