Local HTTP Server Vulnerability in Anki Flashcard Software
CVE-2026-59153
2.1LOW
What is CVE-2026-59153?
Anki, a popular flashcard software, had a vulnerability in versions prior to 25.09.3 where it allowed the launch of a local HTTP server intended for media file access and interface presentation. This local server inadequately blocked requests from unauthorized origins, making it susceptible to potential exploitation by malicious websites. Depending on the browser configurations, particularly regarding Private Network Access protections, the implications of this vulnerability could vary significantly. Users are encouraged to update to version 25.09.3 or later to mitigate this risk.
Affected Version(s)
anki < 25.09.3
