GHSA-869j-r97x-hx2g

PyPI · aqt

Summary

Anki's local HTTP server does not sufficiently validate requests

Advisory details

Summary

Anki launches a local HTTP server to serve media files and web pages for parts of its interface. The server fails to validate requests in the following ways:

  1. Insufficient validation of the Origin header.
  2. Path traversal in some endpoints.

Together these let a malicious website that the user visits read local files whose path it knows, by sending cross-origin requests to the local server.
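As an added illustration, not Anki's code and not the fix that shipped, the following Python sketch shows the two checks the advisory says were missing: an exact-match check of the requesting origin and a traversal-safe mapping of the request path onto the media directory. The port, the media root, the header names and the `handle` signature are assumptions for the example.

```python
from __future__ import annotations

from pathlib import Path
from urllib.parse import unquote

# Assumed values for illustration; the real server picks its own port and
# serves the profile's collection.media directory.
SERVER_PORT = 40000
MEDIA_ROOT = Path("collection.media")


def server_origin(port: int = SERVER_PORT) -> str:
    """The only origin the server's own web pages load from."""
    return f"http://127.0.0.1:{port}"


def is_cross_site(headers: dict[str, str], port: int = SERVER_PORT) -> bool:
    """Decide whether a request comes from a foreign web page.

    Cross-origin fetch()/XMLHttpRequest always carry an Origin header, and it
    is compared as a whole string: a startswith() or substring check would let
    'http://127.0.0.1:40000.evil.example' through. A cross-site <img> or
    <script> load carries no Origin, but current browsers add Sec-Fetch-Site,
    so that header is checked as well. The server's own webviews send no
    Origin on plain GETs, so an absent Origin by itself is not rejected.
    """
    origin = headers.get("Origin")
    if origin is not None and origin != server_origin(port):
        return True
    site = headers.get("Sec-Fetch-Site")
    # 'same-site' is not good enough: another port on 127.0.0.1 is same-site.
    if site is not None and site not in ("same-origin", "none"):
        return True
    return False


def resolve_media_path(url_path: str, root: Path = MEDIA_ROOT) -> Path | None:
    """Map a request path onto a file under root, or None if it escapes.

    Percent-decoding happens first so '%2e%2e' is seen as '..'; backslashes
    are treated as separators because Windows does; the candidate is made
    absolute and must still be inside the resolved root.
    """
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    rel = decoded.replace("\\", "/").lstrip("/")
    if not rel:
        return None
    base = root.resolve()
    candidate = (base / rel).resolve()
    if candidate == base or not candidate.is_relative_to(base):
        return None
    return candidate


def handle(headers: dict[str, str], url_path: str,
           port: int = SERVER_PORT,
           root: Path = MEDIA_ROOT) -> tuple[int, Path | None, str | None]:
    """Return (status, file to serve, Access-Control-Allow-Origin value).

    The CORS header is only ever the server's own origin; reflecting the
    request's Origin is what lets a foreign page read the response body
    with fetch() rather than merely trigger the request.
    """
    if is_cross_site(headers, port):
        return 403, None, None
    path = resolve_media_path(url_path, root)
    if path is None:
        return 404, None, None
    return 200, path, server_origin(port)


if __name__ == "__main__":
    # Constructed requests: a foreign page, an encoded traversal, a normal load.
    print(handle({"Origin": "https://evil.example"}, "/image.png"))
    print(handle({}, "/%2e%2e/%2e%2e/.ssh/id_rsa"))
    print(handle({"Origin": server_origin()}, "/image.png"))
```

The origin comparison is deliberately a whole-string equality on scheme, host and port; the path check decodes before normalising and then verifies the resolved result against the resolved root rather than scanning the raw string for `..`. Neither check replaces Private Network Access in the browser, but each one closes a path a foreign page could otherwise use against the local server.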

Browser impact

The severity varies by browser because of Private Network Access (PNA), a newer spec that restricts web pages from making requests to localhost/local network addresses:

Chrome/Chromium (including Edge, Brave): Largely protected. Chrome has enforced PNA restrictions for several years and now puts local network access behind a permission prompt.

Safari: Has not implemented PNA yet, though macOS has some OS-level protections.

Firefox: Most exposed. PNA is not implemented yet, though it is reportedly planned for Firefox 151.

Patches

The issue was fixed as of Anki 25.09.3.