CVE-2026-13534 | CherryHQ cherry-studio up to 1.9.7 CherryIN Preload API MemoryService.ts sha256 state authorization (Issue 15411)

A vulnerability classified as problematic has been found in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass.

This vulnerability is identified as CVE-2026-13534. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor explains, that “[m]emory is planned to be removed in v2 version.”

CVE-2026-13534 | CherryHQ cherry-studio up to 1.9.7 CherryIN Preload API MemoryService.ts sha256 state authorization (Issue 15411)

Post correlati

CVE-2023-29962 | S-CMS 5.0 path traversal

CVE-2026-8321 | inkeep agents 0.58.14 runAuth Middleware runAuth.ts createDevContext authentication bypass (Issue 3024)

CVE-2024-41623 | D3D IP Camera D8801 9.1.17.1.4-20180428 Payload Local Privilege Escalation

CVE-2024-10074 | OpenHarmony up to 4.1.1 use after free