CVE-2026-13524
Last modified
CVE-2026-13524 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| CherryHQ | cherry-studio | 1.9.0; 1.9.1; 1.9.2; 1.9.3; 1.9.4; 1.9.5; 1.9.6 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13524?
How severe is CVE-2026-13524?
How do I fix CVE-2026-13524?
Related CVEs from 2026
- CVE-2026-13519A vulnerability was found in Tenda JD12L 16.03.53.23. This i…8.8
- CVE-2026-1352IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for…6.5
- CVE-2026-13520A vulnerability was determined in itsourcecode Hospital Mana…6.3
- CVE-2026-13521A vulnerability was identified in SourceCodester Class and E…7.3
- CVE-2026-13522A security flaw has been discovered in Investintech SlimPDFR…4.3
- CVE-2026-13523A weakness has been identified in GPAC up to 26.02.0. This a…3.3
- CVE-2026-13525A vulnerability was detected in CodeAstro Human Resource Man…6.3
- CVE-2026-13526A flaw has been found in SourceCodester Class and Exam Timet…7.3
- CVE-2026-13527A vulnerability has been found in SourceCodester Class and E…7.3
- CVE-2026-13528A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-…7.3
- CVE-2026-13529A vulnerability was determined in YzmCMS up to 7.5. This aff…5.6
- CVE-2026-13530A vulnerability was identified in itsourcecode Hospital Mana…6.3
Are you affected by CVE-2026-13524?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
