CVE-2026-6634 | usememos up to 0.22.1 UpdateInstanceSetting src/App.tsx memos_access_token additionalStyle/additionalScript improper authorization

A vulnerability was found in usememos memos up to 0.22.1. It has been rated as critical. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization.

This vulnerability is tracked as CVE-2026-6634. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.