Tag
A remote code execution vulnerability, CVE-2026-40501, exists in Cherry Studio versions 1.2.2 through 1.9.12 due to improper Electron BrowserWindow configuration, allowing remote attackers to execute arbitrary code by injecting malicious JavaScript through controlled search provider content, thereby gaining full Node.js privileges and accessing system resources.