LOW
CherryHQ
CVE published 2026-06-29
CVE-2026-13524
CVE-2026-13524 is a security vulnerability detected in CherryHQ cherry-studio up to 1.9.6. The vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely and is considered to have high complexity with difficult exploitabil [truncated]