Vulnerability Details :

CVE-2026-13524

Summary
Assigner: VulDB
Assigner Org ID: 1af790b2-7ee1-4545-860a-a788eba489b5
Published At: 29 Jun, 2026 | 01:45
Updated At: 30 Jun, 2026 | 17:25

CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: CherryHQ
Product: cherry-studio
CPEs
  • cpe:2.3:a:cherryhq:cherry-studio:*:*:*:*:*:*:*:*
Modules
  • MCP OAuth Local Callback Server
Versions
Affected
  • 1.9.0
  • 1.9.1
  • 1.9.2
  • 1.9.3
  • 1.9.4
  • 1.9.5
  • 1.9.6
Problem Types
Type | CWE ID | Description
CWE | CWE-285 | Improper Authorization
CWE | CWE-266 | Incorrect Privilege Assignment
Metrics
Version | Base score | Base severity | Vector
4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1 | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.0 | 5.6 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.0 | 5.1 | N/A | AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Credits

reporter: dem0000 (VulDB User)
coordinator: VulDB CNA Team
Timeline
Event | Date
Advisory disclosed | 2026-06-28 00:00:00
VulDB entry created | 2026-06-28 02:00:00
VulDB entry last update | 2026-06-28 09:55:25
References
Hyperlink | Resource
https://vuldb.com/vuln/374532 | vdb-entry, technical-description
https://vuldb.com/vuln/374532/cti | signature, permissions-required
https://vuldb.com/cve/CVE-2026-13524 | third-party-advisory
https://vuldb.com/submit/840175 | third-party-advisory
https://github.com/CherryHQ/cherry-studio/issues/15372 | exploit, issue-tracking
https://github.com/CherryHQ/cherry-studio/pull/15388 | issue-tracking, patch
https://github.com/CherryHQ/cherry-studio/ | product
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
Hyperlink | Resource
https://vuldb.com/submit/840175 | exploit
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cna@vuldb.com
Published At: 29 Jun, 2026 | 03:16
Updated At: 30 Jun, 2026 | 18:16

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type | Version | Base score | Base severity | Vector
Secondary | 4.0 | 2.9 | LOW | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary | 3.1 | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary | 2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P
Weaknesses
CWE ID | Type | Source
CWE-266 | Secondary | cna@vuldb.com
CWE-285 | Secondary | cna@vuldb.com
References
Hyperlink | Source | Resource
https://github.com/CherryHQ/cherry-studio/ | cna@vuldb.com | N/A
https://github.com/CherryHQ/cherry-studio/issues/15372 | cna@vuldb.com | N/A
https://github.com/CherryHQ/cherry-studio/pull/15388 | cna@vuldb.com | N/A
https://vuldb.com/cve/CVE-2026-13524 | cna@vuldb.com | N/A
https://vuldb.com/submit/840175 | cna@vuldb.com | N/A
https://vuldb.com/vuln/374532 | cna@vuldb.com | N/A
https://vuldb.com/vuln/374532/cti | cna@vuldb.com | N/A
https://vuldb.com/submit/840175 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | N/A


Similar CVEs

6 records found

CVE-2026-13534
Matching Score: 6
Assigner: VulDB
CVSS Score: 2.3 (LOW)
EPSS: 0.20% / 9.93%
7 Day CHG: ~0.00%
Published: 29 Jun, 2026 | 04:15
Updated: 29 Jun, 2026 | 15:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains that "[m]emory is planned to be removed in v2 version."

Action: Not Available
Vendor: CherryHQ
Product: cherry-studio
CWE ID: CWE-285 (Improper Authorization)
CWE ID: CWE-639 (Authorization Bypass Through User-Controlled Key)

CVE-2026-6572
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.3 (MEDIUM)
EPSS: 0.32% / 24.14%
7 Day CHG: ~0.00%
Published: 19 Apr, 2026 | 12:15
Updated: 22 Apr, 2026 | 20:22
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action: Not Available
Vendor: Collabora
Product: KodExplorer
CWE ID: CWE-266 (Incorrect Privilege Assignment)
CWE ID: CWE-285 (Improper Authorization)

CVE-2026-5246
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.3 (MEDIUM)
EPSS: 0.62% / 45.44%
7 Day CHG: ~0.00%
Published: 02 Apr, 2026 | 09:45
Updated: 29 Apr, 2026 | 21:39
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. Upgrading to version 7.21 addresses this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Action: Not Available
Vendor: cesanta, Cesanta
Product: mongoose, Mongoose
CWE ID: CWE-285 (Improper Authorization)
CWE ID: CWE-639 (Authorization Bypass Through User-Controlled Key)

CVE-2026-7292
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.3 (MEDIUM)
EPSS: 0.26% / 17.07%
7 Day CHG: ~0.00%
Published: 28 Apr, 2026 | 17:30
Updated: 29 Apr, 2026 | 12:19
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
o2oa NodeAgent NodeAgent.java syncFile improper authorization

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action: Not Available
Vendor: n/a
Product: o2oa
CWE ID: CWE-266 (Incorrect Privilege Assignment)
CWE ID: CWE-285 (Improper Authorization)

CVE-2025-14660
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.3 (MEDIUM)
EPSS: 0.28% / 19.36%
7 Day CHG: ~0.00%
Published: 14 Dec, 2025 | 12:32
Updated: 15 Dec, 2025 | 20:55
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
DecoCMS Mesh Workspace Domain api.ts createTool access control

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component.

Action: Not Available
Vendor: DecoCMS
Product: Mesh
CWE ID: CWE-266 (Incorrect Privilege Assignment)
CWE ID: CWE-284 (Improper Access Control)

CVE-2025-0580
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.3 (MEDIUM)
EPSS: 0.38% / 29.50%
7 Day CHG: ~0.00%
Published: 20 Jan, 2025 | 02:31
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action: Not Available
Vendor: n/a
Product: Shiprocket Module
CWE ID: CWE-285 (Improper Authorization)
CWE ID: CWE-863 (Incorrect Authorization)