CVE-2026-31863
EUVD-2026-1126711.03.2026, 18:16
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| anytype | anytype_cli | 𝑥 < 0.1.11 |
| anytype | anytype_desktop | 𝑥 < 0.54.5 |
| anytype | anytype_heart | 𝑥 < 0.48.4 |
𝑥
= Vulnerable software versions