Low severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026
Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart
CVE-2026-31863
Description
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/anyproto/anytype-heartGo | < 0.48.4 | 0.48.4 |
github.com/anyproto/anytype-cliGo | < 0.1.11 | 0.1.11 |
Affected products
1- Range: < 0.1.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-vv3h-7qwr-722vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-31863ghsaADVISORY
- github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722vghsax_refsource_CONFIRMWEB
- pkg.go.dev/vuln/GO-2026-4680ghsaWEB
News mentions
0No linked articles in our index yet.