Vulnerability Details CVE-2026-31863
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.6%
CVSS Severity
CVSS v3 Score 3.6
Products affected by CVE-2026-31863
-
cpe:2.3:a:anytype:anytype_cli:*
-
cpe:2.3:a:anytype:anytype_desktop:*
-
cpe:2.3:a:anytype:anytype_heart:*