CVE-2026-13524
Status: Received - Intake

Improper Authorization in CherryHQ cherry-studio

Vulnerability report for CVE-2026-13524, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: VulDB

Description

A security vulnerability has been detected in CherryHQ cherry-studio up to and including 1.9.6. It affects unknown code in the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. Manipulation of the argument code (the OAuth authorization code delivered to the local callback) leads to improper authorization. The attack can be initiated remotely, is considered to have high complexity, and its exploitability is stated to be difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores


Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor     Product         Version / Range
cherryhq   cherry_studio   up to and including 1.9.6

Helpful Resources

Exploitability

CWE
CWE ID    Description
CWE-285   The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266   A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

KEV

Attack-Flow Graph

AI Quick Actions

Executive Summary

CVE-2026-13524 is an improper-authorization flaw in the MCP OAuth Local Callback Server of CherryHQ cherry-studio (src/main/services/mcp/oauth/callback.ts). While an MCP OAuth flow is in progress, the local callback handler accepts the first request that carries a code query parameter: it does not bind that request to the flow by checking the OAuth state parameter, and it does not require the request path to match the registered callback path exactly (a prefix match is enough).

Because neither state nor the exact pathname is verified, anyone who can get a request to the listener while the flow is pending, for example by steering the user's browser to the loopback callback URL with a link or redirect, can inject an authorization code of their choosing. The application then exchanges the wrong code. That is the basis for OAuth callback injection and login CSRF against the MCP server the user is connecting to.

A fix is pending that generates a high-entropy state value for each OAuth flow, requires the callback to present exactly that state before the authorization code is accepted, and enforces exact matching of the callback pathname.
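The following is an added illustration, not code from cherry-studio or from the pending pull request. It models the accept/reject decision of a loopback callback handler in the two states the advisory describes: the vulnerable one (first code wins, state ignored, prefix path match) and a hardened one along the lines of the fix (per-flow high-entropy state, exact state comparison, exact pathname). The callback path "/oauth/callback", the function names, and the PendingFlow shape are assumptions for the example.

```typescript
// Added example, not cherry-studio's code. Models a loopback OAuth callback
// handler before and after the kind of fix the advisory describes.
// The path "/oauth/callback" and all names below are assumptions.
import { randomBytes, timingSafeEqual } from "node:crypto";
import { Buffer } from "node:buffer";
import { URL } from "node:url";

export interface CallbackResult {
  accepted: boolean;
  code?: string;
  reason?: string;
}

export interface PendingFlow {
  state: string;        // high-entropy value minted once per flow
  callbackPath: string; // exact pathname the provider's redirect must hit
}

export function newFlow(callbackPath = "/oauth/callback"): PendingFlow {
  // 32 random bytes, base64url so the value survives a query string unencoded.
  return { state: randomBytes(32).toString("base64url"), callbackPath };
}

// Vulnerable behaviour as the advisory describes it: the first request that
// carries `code` wins, `state` is never looked at, and the path is only
// prefix-matched, so "/oauth/callback/anything" is accepted too.
export function vulnerableHandle(target: string, flow: PendingFlow): CallbackResult {
  const url = new URL(target, "http://127.0.0.1");
  if (!url.pathname.startsWith(flow.callbackPath)) {
    return { accepted: false, reason: "not under callback path" };
  }
  const code = url.searchParams.get("code");
  if (!code) return { accepted: false, reason: "no code" };
  return { accepted: true, code }; // exchanged without knowing who sent it
}

// Hardened behaviour: exact pathname, then state must equal the flow's state
// (compared in constant time), and only then is the code released.
export function hardenedHandle(target: string, flow: PendingFlow): CallbackResult {
  const url = new URL(target, "http://127.0.0.1");
  if (url.pathname !== flow.callbackPath) {
    return { accepted: false, reason: "pathname mismatch" };
  }
  const state = url.searchParams.get("state");
  if (state === null || !constantTimeEqual(state, flow.state)) {
    return { accepted: false, reason: "state missing or mismatched" };
  }
  const code = url.searchParams.get("code");
  if (!code) return { accepted: false, reason: "no code" };
  return { accepted: true, code };
}

function constantTimeEqual(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  return ab.length === bb.length && timingSafeEqual(ab, bb);
}

// Replays the injection: an attacker-chosen code reaches the listener before
// the legitimate redirect does. Returns each handler's verdict for comparison.
export function demo(): { vulnerable: CallbackResult; hardened: CallbackResult; legit: CallbackResult } {
  const flow = newFlow();
  const injected = "/oauth/callback?code=ATTACKER-CODE";              // no state
  const legit = `/oauth/callback?code=REAL-CODE&state=${flow.state}`; // real redirect
  return {
    vulnerable: vulnerableHandle(injected, flow), // accepted: true
    hardened: hardenedHandle(injected, flow),     // accepted: false
    legit: hardenedHandle(legit, flow),           // accepted: true
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

A real handler should additionally discard the pending flow after the first accepted callback (and on a timeout), so that a second delivery cannot be exchanged even with a replayed state; that one-shot behaviour is a design choice of this example and is not something the advisory text confirms about the pending fix.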

Impact Analysis

An attacker who can deliver a request to the callback listener while an MCP OAuth flow is pending can hijack the authorization process by injecting an authorization code of their choosing. The application exchanges that code instead of the one issued to the user, which is the basis for login CSRF against the MCP server.

Depending on how the MCP OAuth provider behaves, the result may be account-binding confusion (the application ends up bound to the attacker's account at the provider rather than the user's) or, where the provider's behaviour permits it, impersonation of a legitimate user.

"Initiated remotely" here does not require network access to the victim's machine: the request can be issued by the user's own browser via a link or redirect from an attacker-controlled page, because the callback server listens on the local host. If the listener's port is not fixed, the attacker must also discover it, which is consistent with the high attack complexity the description states. Given the first-code-wins behaviour and the missing state and pathname checks, the outcome is unauthorized access or session hijacking at the MCP provider.

Detection Guidance

The defect is in how the callback request is validated: any request with a code parameter is accepted, with no state check and no exact path check. Detection therefore focuses on the requests that reach the local callback listener.

Two things to keep in mind: the listener is a loopback HTTP server that the application brings up for the duration of an OAuth flow, so it is only observable while a flow is pending, and the port it binds (PORT below is a placeholder) is the one to capture on, not 80 or 443. Capture on the loopback interface (lo on Linux, lo0 on macOS) and look for callback requests that carry code but no state, or that use a path other than the exact callback path:

  • tcpdump -l -i lo -A -s 0 'tcp dst port PORT' | grep --line-buffered 'GET /oauth/callback'
  • curl -v 'http://127.0.0.1:PORT/oauth/callback?code=somecode' while a flow is pending: an HTTP success response to a request with no state parameter shows the unpatched behaviour. Run this only against a test instance, since the injected code will be exchanged and the legitimate flow will fail.

If a proxy or the application's own request log records requests to the listener, review it for callback requests with code but without state, with a non-exact callback path, or with more than one code delivery during a single flow (the first-code-wins behaviour means the later one is the one that lost the race, or the one that won it). A log cannot tell you that a present state value was wrong for the flow; only the application, with the pending state in hand, can check that.
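As an added example (not cherry-studio's code, and not a tool the project ships), the following audits request-log lines for the three indicators above: a code delivery without state, a non-exact callback path, and additional code deliveries after the first. The Common Log Format layout of the sample lines and the callback path "/oauth/callback" are assumptions; the sample log is constructed, not captured from a real system.

```typescript
// Added example, not cherry-studio's code: audit request-log lines for
// loopback OAuth callback deliveries that lack `state`, use a non-exact
// callback path, or arrive after a code was already delivered.
import { URL } from "node:url";

export interface Finding {
  line: number;   // 1-based index into the input
  reason: string;
  target: string; // request-target exactly as logged
}

// Assumed callback path; the real one is defined in callback.ts.
export const CALLBACK_PATH = "/oauth/callback";

// Request line of a Common Log Format entry, e.g.
// ... "GET /oauth/callback?code=x&state=y HTTP/1.1" ...
const REQUEST_LINE = /"(?:GET|POST) (\S+) HTTP\/[0-9.]+"/;

export function auditCallbackLog(lines: string[], callbackPath = CALLBACK_PATH): Finding[] {
  const findings: Finding[] = [];
  let codesSeen = 0;
  lines.forEach((line, i) => {
    const m = REQUEST_LINE.exec(line);
    if (!m) return;
    const target = m[1];
    const url = new URL(target, "http://127.0.0.1");
    // Only requests aimed at the callback listener matter.
    if (!url.pathname.startsWith(callbackPath)) return;
    // Error redirects (no code) are not code deliveries.
    if (!url.searchParams.has("code")) return;
    const n = i + 1;
    codesSeen += 1;
    if (url.pathname !== callbackPath) {
      findings.push({ line: n, reason: "non-exact callback path", target });
    }
    if (!url.searchParams.has("state")) {
      findings.push({ line: n, reason: "missing state", target });
    }
    if (codesSeen > 1) {
      findings.push({ line: n, reason: "additional code delivery after the first", target });
    }
  });
  return findings;
}

// Constructed sample log; the state value is a made-up placeholder.
export const SAMPLE_LOG: string[] = [
  '127.0.0.1 - - [29/Jun/2026:10:00:01 +0000] "GET /oauth/callback?code=AUTHZ-1&state=k2mP9xVb0c7RqLsA HTTP/1.1" 200 -',
  '127.0.0.1 - - [29/Jun/2026:10:00:02 +0000] "GET /oauth/callback?code=INJECTED HTTP/1.1" 200 -',
  '127.0.0.1 - - [29/Jun/2026:10:00:03 +0000] "GET /oauth/callback/extra?code=INJECTED2&state=k2mP9xVb0c7RqLsA HTTP/1.1" 200 -',
  '127.0.0.1 - - [29/Jun/2026:10:00:04 +0000] "GET /healthz HTTP/1.1" 200 -',
  '127.0.0.1 - - [29/Jun/2026:10:00:05 +0000] "GET /oauth/callback?error=access_denied&state=k2mP9xVb0c7RqLsA HTTP/1.1" 200 -',
];

for (const f of auditCallbackLog(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.reason} (${f.target})`);
}
```

Run over SAMPLE_LOG this flags line 2 (missing state, second delivery) and line 3 (non-exact path, third delivery) and stays silent on the legitimate first delivery, the unrelated request, and the error redirect that carries no code.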

Mitigation Strategies

Confirm that the callback listener is bound to the loopback interface only. Be aware that this does not close the hole: in the login CSRF scenario the request comes from the user's own browser, which is a local source, so host firewall rules that allow loopback traffic will pass it, and no network-level filter inspects the query string to see whether a state parameter is present or whether the path is exact.

Until the fix is available, the practical interim controls are behavioural: avoid starting MCP OAuth flows while browsing untrusted sites, do not follow links during a pending flow, and treat any callback request that lacks the expected state or uses a non-exact path (see the detection guidance above) as an attack indicator and re-authorize the affected MCP server.

Applying the pending fix from the official Cherry Studio pull request is recommended once it is accepted. It enforces strict validation by requiring an exact match of the per-flow OAuth state and of the callback pathname before the authorization code is accepted, which is what prevents callback injection. If you build the application from source, the same checks can be applied locally ahead of the merge; the application is the only place state and pathname can be validated.

Compliance Impact

The provided information does not explicitly address how the CVE-2026-13524 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

