CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization_CVE-2026-13534

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains, that "[m]emory is planned to be removed in v2 version."

Basic Information

ID CVE-2026-13534

Source VulDB

Published Jun 29, 2026 at 04:15

Affected Product

Vendor CherryHQ

Product cherry-studio

Version 1.9.0

Affected Versions CherryHQ cherry-studio 1.9.0
CherryHQ cherry-studio 1.9.1
CherryHQ cherry-studio 1.9.2
CherryHQ cherry-studio 1.9.3
CherryHQ cherry-studio 1.9.4
CherryHQ cherry-studio 1.9.5
CherryHQ cherry-studio 1.9.6
CherryHQ cherry-studio 1.9.7

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains, that \"[m]emory is planned to be removed in v2 version.\"",
    "published": "2026-06-29T04:15:09.623Z",
    "modified": "2026-06-29T04:15:09.623Z",
    "type": "cve",
    "title": "CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374542\nhttps://vuldb.com/vuln/374542/cti\nhttps://vuldb.com/cve/CVE-2026-13534\nhttps://vuldb.com/submit/841998\nhttps://github.com/CherryHQ/cherry-studio/issues/15411\nhttps://github.com/CherryHQ/cherry-studio/pull/15413\nhttps://github.com/CherryHQ/cherry-studio/",
    "id": "CVE-2026-13534",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "CherryHQ cherry-studio 1.9.0\nCherryHQ cherry-studio 1.9.1\nCherryHQ cherry-studio 1.9.2\nCherryHQ cherry-studio 1.9.3\nCherryHQ cherry-studio 1.9.4\nCherryHQ cherry-studio 1.9.5\nCherryHQ cherry-studio 1.9.6\nCherryHQ cherry-studio 1.9.7",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cherry-studio",
    "version": "1.9.0",
    "vendor": "CherryHQ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}