PT-2025-32990 · Unknown · Cherry-Studio
Description

Name of the Vulnerable Software and Affected Versions: Cherry Studio version 1.5.1

Description: Cherry Studio is a desktop client that supports multiple LLM providers. A remote code execution (RCE) vulnerability exists when connecting to streamableHttp MCP servers. The issue stems from the server’s implicit trust in the OAuth auth redirection endpoints and failure to properly sanitize the URL.

Recommendations: Update to version 1.5.2 to address the…