{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T19:36:28.740","vulnerabilities":[{"cve":{"id":"CVE-2026-31863","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T18:16:25.270","lastModified":"2026-03-20T16:29:45.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5."},{"lang":"es","value":"Anytype Heart es la biblioteca de middleware para Anytype. La autenticación basada en desafíos para la API de cliente gRPC local puede ser eludida, permitiendo a un atacante obtener acceso sin el código de 4 dígitos. Esta vulnerabilidad está corregida en anytype-heart 0.48.4, anytype-cli 0.1.11 y Anytype Desktop 0.54.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anytype:anytype_cli:*:*:*:*:*:*:*:*","versionEndExcluding":"0.1.11","matchCriteriaId":"48E258B4-F304-4C04-8447-062E18AD427E"},{"vulnerable":true,"criteria":"cpe:2.3:a:anytype:anytype_desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"0.54.5","matchCriteriaId":"06C0A410-2ED2-4A69-9FE4-5153F7D29887"},{"vulnerable":true,"criteria":"cpe:2.3:a:anytype:anytype_heart:*:*:*:*:*:*:*:*","versionEndExcluding":"0.48.4","matchCriteriaId":"061F6964-1440-48DC-B1A9-02F59BFC24C1"}]}]}],"references":[{"url":"https://github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722v","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}