Local HTTP Server Vulnerability in Anki Flashcard Software
CVE-2026-59153

2.1LOW

Key Information:

Vendor

Ankitects

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-59153?

Anki, a popular flashcard software, had a vulnerability in versions prior to 25.09.3 where it allowed the launch of a local HTTP server intended for media file access and interface presentation. This local server inadequately blocked requests from unauthorized origins, making it susceptible to potential exploitation by malicious websites. Depending on the browser configurations, particularly regarding Private Network Access protections, the implications of this vulnerability could vary significantly. Users are encouraged to update to version 25.09.3 or later to mitigate this risk.

Affected Version(s)

anki < 25.09.3

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.