A vulnerability classified as problematic has been found in CherryHQ cherry-studio up to 1.9.7 . This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API . Performing a manipulation of the argument state results in authorization bypass. This vulnerability is identified as CVE-2026-13534 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor explains, that "[m]emory is planned to be removed in v2 vers