
Cherry Studio CVE-2026-13524

EUVD: EUVD-2026-40021 | LOW
Improper Authorization (CWE-285)
2026-06-29 · VulDB · GHSA-9c5h-h4mj-p5ch
Score: 2.9 (CVSS 4.0, Vendor: VulDB)

Severity by source

Vendor (VulDB), PRIMARY: 2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 4.8 MEDIUM

Rationale: network vector per the CVE description and the CVSS 4.0 input; AC:H for the race-condition timing requirement; PR:N because no credentials are needed; no availability impact from the code injection. Note that the CVSS 4.0 vector below nonetheless records VA:L (low availability impact on the vulnerable system), which does not match that rationale; the CVSS 3.1 vector (A:N) does.

CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS Vector (Vendor: VulDB)

Breakdown of the vendor CVSS 4.0 vector listed under Severity by source:
  • Attack Vector: Network (AV:N)
  • Attack Complexity: High (AC:H)
  • Attack Requirements: None (AT:N)
  • Privileges Required: None (PR:N)
  • User Interaction: None (UI:N)
  • Vulnerable System impact: Confidentiality Low, Integrity Low, Availability Low (VC:L/VI:L/VA:L)
  • Subsequent System impact: None (SC:N/SI:N/SA:N)
  • Exploit Maturity: Proof-of-Concept (E:P)
  • Scope: not defined (shown as X). CVSS 4.0 has no Scope metric; it is replaced by the Subsequent System impact metrics above.

Lifecycle Timeline (4 events)

  • Jun 29, 2026 03:22 (NVD): Severity changed, MEDIUM → LOW
  • Jun 29, 2026 03:22 (NVD): CVSS changed, 6.3 (MEDIUM) → 2.9 (LOW)
  • Jun 29, 2026 02:46 (vuln.today): Source code evidence fetched
  • Jun 29, 2026 02:46 (vuln.today): Analysis generated

Description (CVE.org)

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Analysis (AI)

Cherry Studio's MCP OAuth Local Callback Server, in all versions up to 1.9.6, accepts OAuth authorization code callbacks without validating the OAuth state parameter, enabling authorization code injection attacks. The PR diff confirms that src/main/services/mcp/oauth/callback.ts processed any inbound code value without checking a bound state token, allowing a network-positioned attacker to substitute a malicious authorization code during an active OAuth flow. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Victim initiates MCP OAuth authentication flow
  • Delivery: Local callback server starts on dynamic port
  • Exploit: Attacker discovers or guesses callback port
  • Execution: Attacker sends forged callback with malicious code and no state parameter
  • Persist: Unpatched server accepts code without state validation
  • Impact: Attacker-controlled authorization code processed as legitimate

Vulnerability Assessment (AI)

Exploitation: Cherry Studio must be running and the victim user must have actively initiated an MCP OAuth authentication flow; this starts the local callback server that is the attack surface. …

Risk Assessment: The CVSS 4.0 score of 6.3 (Medium) that this assessment was generated against, with AV:N/AC:H/PR:N/UI:N, reflects meaningful operational complexity: successful exploitation requires the attacker to race the legitimate OAuth callback during the narrow window in which the victim's OAuth flow is in flight, while also knowing or discovering the dynamically assigned local callback port. The vendor rating has since been revised to 2.9 (Low) with E:P, as recorded in the lifecycle timeline above. …

Exploit Scenario: A user running Cherry Studio initiates an OAuth authentication flow for an MCP server integration, causing the application to start a local HTTP callback server on a dynamically assigned port, which this scenario assumes is not bound exclusively to loopback. An attacker on the same network who discovers or brute-forces the callback port sends a forged HTTP GET request to the callback path with a crafted `code` parameter and no valid `state`; the unpatched server accepts it and forwards the value as a legitimate authorization code. …

Remediation: The primary fix is the upstream patch in GitHub PR #15388 (https://github.com/CherryHQ/cherry-studio/pull/15388), which adds OAuth state validation to the local callback server. At the time of the CVE description the pull request had not yet been accepted, so no fixed release version is named here; until a release containing the fix is available, exposure is limited to the window in which a user has an MCP OAuth flow in progress. …



CVE-2026-13524 vulnerability details – vuln.today
