Severity by source
Primary rating from vendor (VulDB), CVSS 4.0 (environmental and supplemental metrics not defined):
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Network-reachable via the API (AV:N); requires submitting a memory payload whose hash matches an existing record (AC:H); a valid authenticated session is needed (PR:L) and no user interaction (UI:N). Low confidentiality, integrity and availability impact on the vulnerable system (VC:L/VI:L/VA:L); no impact on subsequent systems (SC:N/SI:N/SA:N). A proof of concept exists (E:P).
Description (CVE.org)
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains that "[m]emory is planned to be removed in v2 version."
Analysis (AI-generated)
Authorization bypass in CherryHQ Cherry Studio up to version 1.9.7 allows authenticated remote attackers to cross user/agent memory isolation boundaries. The MemoryService deduplication logic in the CherryIN Preload API component derived each memory's SHA-256 hash from its content alone, without binding it to the owning userId or agentId. Two memories with identical content therefore share one hash regardless of owner, so a crafted input that reproduces another user's memory content matches that user's stored record. No weakness in SHA-256 itself is involved; the "collision" is an identical-content, identical-hash match across isolation scopes. …
Vulnerability Assessment (AI-generated)
| Exploitation | Exploitation requires: (1) a valid authenticated session with at least low-privilege access to Cherry Studio (PR:L per CVSS; unauthenticated exploitation is not possible); (2) the memory feature must be active and in use, as the vulnerable MemoryService code path is only exercised when memory operations are performed; (3) high attack complexity (AC:H): the attacker must submit memory content whose SHA-256 hash equals that of a target user's existing record, which in practice means reproducing that content exactly, and is non-trivial without prior knowledge of the target's memory content; (4) network access to the CherryIN Preload API endpoint. … |
| Risk Assessment | The CVSS 4.0 score of 2.3 (AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) accurately reflects a narrow, real-world risk. … |
| Exploit Scenario | An authenticated low-privileged user of a shared or multi-user Cherry Studio deployment submits a memory payload whose SHA-256 hash matches a stored entry belonging to another user or agent scope, i.e. a payload with the same content as that entry. Because the original hash was computed without user or agent binding, the MemoryService's existence check returns the target user's record, bypassing per-user authorization. … |
| Remediation | A patch is available as GitHub Pull Request #15413 (https://github.com/CherryHQ/cherry-studio/pull/15413), which scopes the SHA-256 deduplication hash to incorporate userId, agentId, and a schema version constant. Until the patch is applied, the vendor's statement that memory is slated for removal in v2 suggests disabling the memory feature as a compensating control in shared deployments. … |
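The following TypeScript is an added illustration written for this page; it is neither Cherry Studio's code nor the change in PR #15413. It contrasts the content-only deduplication hash described in the analysis above with one bound to userId, agentId and a schema-version constant, as the remediation describes, and runs the exploit scenario (two users submitting identical memory text) against both. The record shape, the MemoryStore class, the constant name HASH_SCHEMA_VERSION, the length-prefixed field encoding and the sample memory text are all assumptions made for the example.

```typescript
import { createHash } from "node:crypto";

// Constructed record shape for this example; not Cherry Studio's schema.
export interface MemoryRecord {
  userId: string;
  agentId: string;
  content: string;
  hash: string;
}

export type HashFn = (userId: string, agentId: string, content: string) => string;

// Vulnerable pattern described on this page: the dedup key depends on the
// content only, so identical content from different users yields one hash.
export const contentOnlyHash: HashFn = (_userId, _agentId, content) =>
  createHash("sha256").update(content.trim()).digest("hex");

// Hardened pattern: bind the key to the owning scope plus a schema-version
// constant (name assumed). Each field is length-prefixed so that field
// boundaries are unambiguous: ("ab","c") and ("a","bc") must not hash alike.
export const HASH_SCHEMA_VERSION = "memory-hash-v1";
export const scopedHash: HashFn = (userId, agentId, content) => {
  const h = createHash("sha256");
  for (const field of [HASH_SCHEMA_VERSION, userId, agentId, content.trim()]) {
    const bytes = Buffer.from(field, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length, 0);
    h.update(len).update(bytes);
  }
  return h.digest("hex");
};

// Minimal store keyed by hash, mirroring an "existence check before insert"
// deduplication flow.
export class MemoryStore {
  private readonly byHash = new Map<string, MemoryRecord>();

  constructor(private readonly hashFn: HashFn) {}

  // Returns the record now associated with the content and whether it already
  // existed. With a content-only hash the returned record can belong to a
  // different user: that is the authorization bypass.
  add(userId: string, agentId: string, content: string): { record: MemoryRecord; existed: boolean } {
    const hash = this.hashFn(userId, agentId, content);
    const existing = this.byHash.get(hash);
    if (existing !== undefined) {
      return { record: existing, existed: true };
    }
    const record: MemoryRecord = { userId, agentId, content: content.trim(), hash };
    this.byHash.set(hash, record);
    return { record, existed: false };
  }

  // Defensive check a caller can add independently of the hash design:
  // true if a dedup hit would surface a record outside the caller's scope.
  crossScopeHit(userId: string, agentId: string, content: string): boolean {
    const existing = this.byHash.get(this.hashFn(userId, agentId, content));
    return existing !== undefined && (existing.userId !== userId || existing.agentId !== agentId);
  }
}

// Worked scenario on constructed data: alice stores a memory, then bob, a
// different user of the same deployment, submits identical text.
export function demo(hashFn: HashFn): { bobGotAliceRecord: boolean; sameHash: boolean } {
  const store = new MemoryStore(hashFn);
  const text = "Rotate the staging API key every 90 days"; // constructed sample
  const alice = store.add("alice", "agent-1", text);
  const bob = store.add("bob", "agent-1", text);
  return {
    bobGotAliceRecord: bob.existed && bob.record.userId === "alice",
    sameHash: alice.record.hash === bob.record.hash,
  };
}

console.log("content-only hash:", demo(contentOnlyHash)); // bobGotAliceRecord: true
console.log("scoped hash:", demo(scopedHash));            // bobGotAliceRecord: false
```

Two design points worth noting. First, binding the hash to the scope is the right fix, but a store that still returns whatever record a hash lookup finds remains fragile against future key changes; the crossScopeHit-style ownership check on the returned record costs one comparison and catches that class of regression. Second, the length-prefix encoding matters: naive concatenation such as userId + agentId + content lets an attacker who controls any field shift bytes between fields and still produce the same preimage.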
More in Cherry Studio
- Cherry Studio's MCP OAuth Local Callback Server, in all versions up to 1.9.6, accepts OAuth authorization code callbacks …
- Cherry Studio is a desktop client that supports multiple LLM providers. Rated critical severity (CVSS 9.6), this vul…
- Cherry Studio is a desktop client that supports multiple LLM providers. Rated high severity (CVSS 7.7), this vulnera…
- Cherry Studio is a desktop client that supports multiple LLM providers. Rated high severity (CVSS 8.0), this vulnera…
Technique: Authentication Bypass
Related identifiers
- EUVD-2026-40031
- GHSA-qwwm-4xhq-q4m4