CVE-2026-59153 - Anki's local HTTP server does not sufficiently validate requests
CVE ID :CVE-2026-59153
Published : July 7, 2026, 10:16 p.m. | 28 minutes ago
Description :Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting requests to the local server, with severity varying by browser depending on Private Network Access protections. This issue is fixed in version 25.09.3.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 7, 2026, 10:16 p.m. | 28 minutes ago
Description :Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting requests to the local server, with severity varying by browser depending on Private Network Access protections. This issue is fixed in version 25.09.3.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...