Cherryhq Cherry-studio
6 CVEs affecting Cherryhq Cherry-studio. Latest disclosed: 2026-06-29. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54074 | Critical | 9.8 | 2025-08-13 | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection d… |
CVE-2025-61929 | Critical | 9.6 | 2025-10-10 | Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling t… |
CVE-2025-54382 | Critical | 9.6 | 2025-08-13 | Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry… |
CVE-2025-54063 | High | 8.0 | 2025-08-11 | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerabil… |
CVE-2026-13524 | Medium | 5.6 | 2026-06-29 | A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oau… |
CVE-2026-13534 | Medium | 5.0 | 2026-06-29 | A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of t… |