CVE-2026-31863

Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Description

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.

INFO

Published Date :

2026-03-11T17:43:08.106Z

Last Modified :

2026-03-12T13:52:12.763Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-31863 vulnerability.

Vendors	Products
Anyproto	Anytype-cli Anytype-heart Anytype-ts
Anytype	Anytype Cli Anytype Desktop Anytype Heart

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31863.

URL	Resource
https://github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722v

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact