{"id":"CVE-2026-31863","summary":"Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart","details":"Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.","aliases":["GHSA-vv3h-7qwr-722v","GO-2026-4680"],"modified":"2026-04-10T05:43:03.313505Z","published":"2026-03-11T17:43:08.106Z","related":["SUSE-SU-2026:1042-1"],"database_specific":{"cwe_ids":["CWE-307"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31863.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31863.json"},{"type":"ADVISORY","url":"https://github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722v"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31863"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/anyproto/anytype-heart","events":[{"introduced":"0"},{"fixed":"20aa20917271b1298baef683b422564597648e1f"}]}],"versions":["v0.26.3","v0.26.4","v0.26.5","v0.26.6","v0.27.0","v0.27.1","v0.27.10","v0.27.11","v0.27.12","v0.27.13","v0.27.14","v0.27.16","v0.27.17","v0.27.18","v0.27.19","v0.27.2","v0.27.20","v0.27.3","v0.27.4","v0.27.5","v0.27.6","v0.27.7","v0.27.8","v0.27.9","v0.28.0","v0.28.0-alpha6","v0.28.1","v0.28.2","v0.28.3","v0.28.4","v0.29.0","v0.29.0-alpha","v0.29.1","v0.29.10","v0.29.11","v0.29.12","v0.29.2","v0.29.3","v0.29.4","v0.29.5","v0.29.6","v0.29.7","v0.29.8","v0.29.9","v0.30.0","v0.30.0-rc1","v0.30.0-rc2","v0.30.0-rc3","v0.30.0-rc4","v0.30.0-rc5","v0.30.0-rc6","v0.30.0-rc7","v0.30.0-rc8","v0.30.1","v0.30.2","v0.30.3","v0.30.5","v0.30.6","v0.30.7","v0.30.8","v0.30.9","v0.31.0","v0.31.1","v0.31.3","v0.31.4","v0.31.5","v0.32.0","v0.32.0-rc1","v0.32.0-rc10","v0.32.0-rc11","v0.32.0-rc2","v0.32.0-rc3","v0.32.0-rc4","v0.32.0-rc5","v0.32.0-rc6","v0.32.0-rc7","v0.32.0-rc8","v0.32.0-rc9","v0.32.1","v0.32.2","v0.33.0","v0.33.0-rc1","v0.33.0-rc10","v0.33.0-rc11","v0.33.0-rc12","v0.33.0-rc13","v0.33.0-rc14","v0.33.0-rc15","v0.33.0-rc16","v0.33.0-rc17","v0.33.0-rc18","v0.33.0-rc19","v0.33.0-rc2","v0.33.0-rc20","v0.33.0-rc21","v0.33.0-rc22","v0.33.0-rc3","v0.33.0-rc4","v0.33.0-rc5","v0.33.0-rc6","v0.33.0-rc7","v0.33.0-rc8","v0.33.0-rc9","v0.33.1","v0.33.2","v0.34.0","v0.34.0-rc1","v0.34.0-rc2","v0.34.0-rc3","v0.34.0-rc4","v0.34.0-rc5","v0.34.0-rc6","v0.34.0-rc7","v0.34.0-rc8","v0.34.0-rc9","v0.34.1","v0.34.2","v0.34.3","v0.35.0-rc1","v0.35.0-rc10","v0.35.0-rc11","v0.35.0-rc2","v0.35.0-rc3","v0.35.0-rc6","v0.35.0-rc7","v0.35.0-rc8","v0.35.0-rc9","v0.36.0","v0.36.0-rc1","v0.36.0-rc2","v0.36.0-rc3","v0.36.0-rc4","v0.36.0-rc5","v0.36.0-rc6","v0.36.0-rc7","v0.36.0-rc8","v0.36.0-rc9","v0.36.1","v0.36.2","v0.36.3","v0.36.4","v0.36.5","v0.36.5-alpha1","v0.36.5-alpha2","v0.37.0","v0.37.0-alpha01","v0.37.0-alpha02","v0.37.0-alpha03","v0.37.0-alpha04","v0.37.0-alpha05","v0.37.1","v0.37.3","v0.37.4","v0.38.0","v0.38.1","v0.38.2","v0.38.3","v0.38.4","v0.38.5","v0.38.6","v0.38.7","v0.38.8","v0.39.0-rc02","v0.39.0-rc03","v0.39.0-rc04","v0.39.0-rc05","v0.39.0-rc06","v0.39.0-rc07","v0.39.0-rc08","v0.39.0-rc09","v0.39.0-rc1","v0.39.1","v0.39.10","v0.39.2","v0.39.3","v0.39.4","v0.39.5","v0.39.6","v0.39.7","v0.39.8","v0.39.9","v0.40.0","v0.40.0-alpha01","v0.40.0-alpha02","v0.40.0-rc1","v0.40.0-rc10","v0.40.0-rc11","v0.40.0-rc2","v0.40.0-rc3","v0.40.0-rc4","v0.40.0-rc5","v0.40.0-rc6","v0.40.0-rc7","v0.40.0-rc8","v0.40.0-rc9","v0.40.1","v0.40.11","v0.40.12","v0.40.13","v0.40.14","v0.40.15","v0.40.16","v0.40.17","v0.40.18","v0.40.19","v0.40.2","v0.40.3","v0.40.4","v0.40.5","v0.40.6","v0.40.7","v0.40.8","v0.40.9","v0.41.0-alpha","v0.41.0-rc","v0.41.0-rc1","v0.41.0-rc10","v0.41.0-rc11","v0.41.0-rc12","v0.41.0-rc13","v0.41.0-rc14","v0.41.0-rc15","v0.41.0-rc16","v0.41.0-rc17","v0.41.0-rc18","v0.41.0-rc19","v0.41.0-rc2","v0.41.0-rc20","v0.41.0-rc21","v0.41.0-rc22","v0.41.0-rc3","v0.41.0-rc4","v0.41.0-rc5","v0.41.0-rc6","v0.41.0-rc7","v0.41.0-rc8","v0.41.0-rc9","v0.42.0","v0.42.0-rc1","v0.42.0-rc10","v0.42.0-rc11","v0.42.0-rc12","v0.42.0-rc13","v0.42.0-rc14","v0.42.0-rc15","v0.42.0-rc16","v0.42.0-rc17","v0.42.0-rc18","v0.42.0-rc19","v0.42.0-rc2","v0.42.0-rc20","v0.42.0-rc21","v0.42.0-rc22","v0.42.0-rc23","v0.42.0-rc24","v0.42.0-rc25","v0.42.0-rc26","v0.42.0-rc27","v0.42.0-rc28","v0.42.0-rc29","v0.42.0-rc3","v0.42.0-rc30","v0.42.0-rc31","v0.42.0-rc4","v0.42.0-rc5","v0.42.0-rc6","v0.42.0-rc7","v0.42.0-rc8","v0.42.0-rc9","v0.42.4-nightly-20250820161650","v0.43.0-rc01","v0.43.0-rc02","v0.44.0-nightly-20250821085427","v0.44.0-nightly-20250821173658","v0.44.0-nightly-20250821202312","v0.44.0-nightly-20250821212538","v0.44.0-nightly-20250821213943","v0.44.0-nightly-20250825150218","v0.44.0-nightly-20250825175002","v0.44.0-nightly-20250825183418","v0.44.0-nightly-20250825222411","v0.44.0-nightly-20250825225011","v0.44.0-nightly-20250826025138","v0.44.0-nightly.20250826.1","v0.44.0-nightly.20250830.1","v0.44.0-nightly.20250901.1","v0.44.0-nightly.20250902.1","v0.44.0-nightly.20250903.1","v0.44.0-nightly.20250905.1","v0.44.0-nightly.20250906.1","v0.44.0-nightly.20250909.1","v0.44.0-nightly.20250910.1","v0.44.0-nightly.20250910.2","v0.44.0-nightly.20250911.1","v0.44.0-nightly.20250911.2","v0.44.0-nightly.20250913.1","v0.44.0-nightly.20250917.1","v0.44.0-nightly.20250918.1","v0.44.0-nightly.20250919.1","v0.44.0-nightly.20250920.1","v0.44.0-nightly.20250924.1","v0.44.0-nightly.20250925.1","v0.44.0-nightly.20250927.1","v0.44.0-nightly.20250930.1","v0.44.0-nightly.20251001.1","v0.44.0-nightly.20251002.1","v0.44.0-nightly.20251003.1","v0.44.0-nightly.20251004.1","v0.44.0-nightly.20251007.1","v0.44.0-nightly.20251008.1","v0.44.0-nightly.20251009.1","v0.44.0-nightly.20251010.1","v0.44.0-nightly.20251013.1","v0.44.0-nightly.20251015.1","v0.44.0-nightly.20251016.1","v0.44.0-nightly.20251018.1","v0.44.0-nightly.20251022.1","v0.44.0-nightly.20251022.2","v0.44.0-nightly.20251024.1","v0.44.0-nightly.20251025.1","v0.44.0-nightly.20251030.1","v0.44.0-nightly.20251103.1","v0.44.0-nightly.20251104.1","v0.44.0-nightly.20251105.1","v0.44.0-nightly.20251106.1","v0.44.0-nightly.20251108.1","v0.44.0-nightly.20251111.1","v0.44.0-nightly.20251114.1","v0.44.0-nightly.20251115.1","v0.44.0-nightly.20251119.1","v0.44.0-nightly.20251120.1","v0.44.0-nightly.20251121.1","v0.44.0-nightly.20251124.1","v0.44.0-nightly.20251126.1","v0.44.0-nightly.20251202.1","v0.44.0-nightly.20251203.1","v0.44.0-nightly.20251204.1","v0.44.0-nightly.20251205.1","v0.44.0-nightly.20251206.1","v0.44.0-nightly.20251209.1","v0.44.0-nightly.20251211.1","v0.44.0-nightly.20251212.1","v0.44.0-nightly.20251213.1","v0.44.0-nightly.20251216.1","v0.44.0-nightly.20251217.1","v0.44.0-nightly.20251218.1","v0.44.0-nightly.20251219.1","v0.44.0-nightly.20251220.1","v0.44.0-nightly.20251225.1","v0.44.0-nightly.20260121.1","v0.44.0-nightly.20260121.2","v0.44.0-nightly.20260123.1","v0.44.0-nightly.20260127.1","v0.44.0-nightly.20260128.1","v0.44.0-nightly.20260129.1","v0.44.0-nightly.20260130.1","v0.44.0-nightly.20260131.1","v0.44.0-nightly.20260203.1","v0.44.0-nightly.20260204.1","v0.44.0-nightly.20260205.1","v0.44.0-nightly.20260209.1","v0.44.0-nightly.20260211.1","v0.44.0-nightly.20260212.1","v0.44.0-nightly.20260213.1","v0.44.0-nightly.20260214.1","v0.44.0-nightly.20260217.1","v0.44.0-rc01","v0.44.0-rc02","v0.44.0-rc03","v0.44.0-rc04","v0.44.0-rc05","v0.44.0-rc06","v0.44.0-rc07","v0.44.0-rc08","v0.44.0-rc09","v0.44.0-rc10","v0.44.1","v0.45.0","v0.45.0-rc01","v0.45.0-rc02","v0.45.0-rc03","v0.45.1","v0.45.3","v0.45.4","v0.45.5","v0.46.0","v0.46.0-rc01","v0.46.0-rc02","v0.46.0-rc03","v0.46.0-rc04","v0.46.0-rc05","v0.46.1","v0.46.2","v0.46.3","v0.47.0","v0.47.1","v0.48.0","v0.48.0-rc01","v0.48.0-rc02","v0.48.0-rc03","v0.48.0-rc04","v0.48.0-rc05","v0.48.0-rc06","v0.48.0-rc07","v0.48.1","v0.48.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31863.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}