CVE-2026-13534
Last modified
CVE-2026-13534 is a medium-severity vulnerability rated 5/10 on the CVSS scale. A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains, that "[m]emory is planned to be removed in v2 version."
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| CherryHQ | cherry-studio | 1.9.0; 1.9.1; 1.9.2; 1.9.3; 1.9.4; 1.9.5; 1.9.6; 1.9.7 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13534?
How severe is CVE-2026-13534?
How do I fix CVE-2026-13534?
Related CVEs from 2026
- CVE-2026-13528A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-…7.3
- CVE-2026-13529A vulnerability was determined in YzmCMS up to 7.5. This aff…5.6
- CVE-2026-13530A vulnerability was identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13531A security flaw has been discovered in itsourcecode Hospital…6.3
- CVE-2026-13532A weakness has been identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13533A security vulnerability has been detected in agentejo Cockp…5.5
- CVE-2026-13535A flaw has been found in CodeAstro Human Resource Management…6.3
- CVE-2026-13536A vulnerability has been found in GotoHTTP up to 10.2. This …4.3
- CVE-2026-13537A vulnerability was found in CodeAstro Human Resource Manage…4.3
- CVE-2026-13538A vulnerability was determined in Wavlink WL-NU516U1-A M16U1…6.3
- CVE-2026-13539A vulnerability was identified in Wavlink WL-NU516U1-A M16U1…8.8
- CVE-2026-1354Zero Motorcycles firmware versions 44 and prior enable an at…6.4
Are you affected by CVE-2026-13534?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
