PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13524 CherryHQ CVE debrief

CVE-2026-13524 is a security vulnerability in CherryHQ cherry-studio up to and including version 1.9.6. The affected code lives in src/main/services/mcp/oauth/callback.ts, part of the MCP OAuth Local Callback Server component; the specific function has not been identified in the stored evidence. Manipulation of the 'code' argument leads to improper authorization. The attack can be initiated remotely but is rated high complexity, so exploitation is considered difficult. An exploit has been disclosed publicly and may be used. A pull request that fixes the issue has been opened and is awaiting acceptance.

Vendor: CherryHQ
Product: cherry-studio
CVSS: LOW 2.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Security teams and developers running CherryHQ cherry-studio up to and including version 1.9.6 should be aware of this vulnerability. The CVSS score is low (2.9) and the attack complexity is high, so this is not an emergency; however, the attack can be initiated remotely and a public exploit exists, so plan the upgrade as soon as a release containing the fix is available and monitor the affected component in the meantime.

Technical summary

CVE-2026-13524 is an improper authorization weakness in the MCP OAuth Local Callback Server component of CherryHQ cherry-studio, presumably the local HTTP listener that receives the browser redirect at the end of an OAuth flow for an MCP server. The weakness is triggered by manipulating the 'code' argument handled in src/main/services/mcp/oauth/callback.ts; in an OAuth callback this parameter would normally carry the authorization code returned by the authorization server, but the stored evidence does not describe how the callback server mishandles it. The vulnerability has a CVSS score of 2.9 (low severity). The attack vector is remote and the attack complexity is high, so exploitation is considered difficult.

Defensive priority

Upgrade as soon as a release containing the fix is available; at the time of writing the fix exists only as an unmerged pull request. Until then, compensating controls are limited to reducing exposure of the MCP OAuth Local Callback Server and monitoring it for suspicious activity.

Recommended defensive actions

  • Track the fix pull request (https://github.com/CherryHQ/cherry-studio/pull/15388) and upgrade to the first release that includes it once it is accepted.
  • Until then, reduce exposure of the MCP OAuth Local Callback Server: only configure MCP servers and OAuth providers you trust, since the callback server is exercised whenever such a flow runs.
  • Monitor for suspicious activity related to the callback server, such as unexpected or repeated requests to the local callback listener, and adjust detection rules accordingly.
  • Inventory all cherry-studio installations in the environment and flag any at version 1.9.6 or earlier.
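
The inventory step above, as an added example that is not code from cherry-studio or from PatchSiren: it triages a list of hosts by cherry-studio version against the affected range "up to and including 1.9.6" using numeric comparison of the version components, which avoids the string-comparison mistake of ranking 1.10.0 below 1.9.6. The Asset shape, the triageInventory function and the inventory rows are constructed for the example; the page names no fixed release, so versions above 1.9.6 are reported as "above the affected range" rather than as fixed.

```typescript
// Added example, not cherry-studio code. Flags inventory rows whose cherry-studio
// version falls in the affected range (<= 1.9.6). The rows in SAMPLE_INVENTORY
// are constructed sample data.
interface Asset {
  host: string;
  product: string;
  version: string;
}

type Triple = [number, number, number];

// Last affected version stated by the advisory: 1.9.6 inclusive.
const LAST_AFFECTED: Triple = [1, 9, 6];

// Accepts "1.9.6", "v1.9.6" and "1.9.7-beta.1"; a prerelease or build suffix is
// ignored for the numeric comparison, so "1.9.7-beta.1" compares as 1.9.7.
function parseVersion(raw: string): Triple | null {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?$/.exec(raw.trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareTriples(a: Triple, b: Triple): number {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = in the affected range, false = above it, null = version unparseable.
function isAffectedVersion(raw: string): boolean | null {
  const v = parseVersion(raw);
  if (v === null) return null;
  return compareTriples(v, LAST_AFFECTED) <= 0;
}

interface Triage {
  affected: Asset[];     // version <= 1.9.6: needs the upgrade
  aboveRange: Asset[];   // newer than 1.9.6: check vendor release notes for the fix
  needsReview: Asset[];  // cherry-studio rows whose version string could not be parsed
}

function triageInventory(assets: Asset[]): Triage {
  const out: Triage = { affected: [], aboveRange: [], needsReview: [] };
  for (const a of assets) {
    if (a.product !== "cherry-studio") continue;
    const verdict = isAffectedVersion(a.version);
    if (verdict === null) out.needsReview.push(a);
    else if (verdict) out.affected.push(a);
    else out.aboveRange.push(a);
  }
  return out;
}

// Constructed sample inventory (not real hosts).
const SAMPLE_INVENTORY: Asset[] = [
  { host: "ws-01", product: "cherry-studio", version: "1.9.6" },   // last affected version
  { host: "ws-02", product: "cherry-studio", version: "1.9.7" },
  { host: "ws-03", product: "cherry-studio", version: "1.10.0" },  // string compare would wrongly flag this
  { host: "ws-04", product: "cherry-studio", version: "v1.8.12" },
  { host: "ws-05", product: "cherry-studio", version: "unknown" }, // goes to manual review
  { host: "ws-06", product: "some-other-app", version: "0.1.0" },  // ignored: different product
];

function summarize(assets: Asset[]): string {
  const r = triageInventory(assets);
  const hosts = (xs: Asset[]) => xs.map((a) => `${a.host} (${a.version})`).join(", ") || "none";
  return [
    `affected (<= 1.9.6): ${hosts(r.affected)}`,
    `above affected range: ${hosts(r.aboveRange)}`,
    `needs manual review: ${hosts(r.needsReview)}`,
  ].join("\n");
}

console.log(summarize(SAMPLE_INVENTORY));
```

Rows that land in needsReview (missing or non-semver version strings) should be resolved by hand rather than dropped, since an unknown version is exactly the kind of host that tends to be stale.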

Evidence notes

The stored evidence records CVE-2026-13524 as affecting CherryHQ cherry-studio up to and including version 1.9.6, in the MCP OAuth Local Callback Server component (src/main/services/mcp/oauth/callback.ts). A public exploit exists and may be used. CVSS 2.9 (low severity); remote attack vector; high attack complexity. No CISA KEV listing is present in the stored evidence, and no fixed release is named: the fix is an unmerged pull request.

Official resources

  • Fix pull request: https://github.com/CherryHQ/cherry-studio/pull/15388

This article is AI-assisted and based on the supplied source corpus.