CVE-2026-31863

LOW 3.6

Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

CVSS Score

3.6

EPSS Score

0.0%

EPSS Percentile

0th

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.

CWE	CWE-307
Vendor	anyproto
Product	anytype-heart
Published	Mar 11, 2026
Last Updated	Mar 12, 2026

Stay Ahead of the Next One

Get instant alerts for anyproto anytype-heart

Be the first to know when new low vulnerabilities affecting anyproto anytype-heart are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

anyproto / anytype-heart

< 0.48.4

anyproto / anytype-cli

< 0.1.11

anyproto / anytype-ts

< 0.54.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722v