GHSA-869J-R97X-HX2G: GHSA-869J-R97X-HX2G: Local Path Traversal and Cross-Origin Resource Sharing Bypass in Anki Desktop

GHSA-869J-R97X-HX2G: Local Path Traversal and Cross-Origin Resource Sharing Bypass in Anki Desktop

Vulnerability ID: GHSA-869J-R97X-HX2G
CVSS Score: 8.7
Published: 2026-06-19

The local media server (mediasrv.py) in Anki up to and including version 25.09.2 fails to validate incoming HTTP requests. The server does not validate the Origin header, enabling cross-origin requests. Additionally, several endpoints suffer from directory traversal vulnerabilities. Combined, these flaws permit an unauthenticated remote attacker to exfiltrate arbitrary files from a local file system when a user visits a malicious website.

TL;DR

A critical vulnerability in Anki's local HTTP media server allows malicious websites to perform cross-origin directory traversal attacks, resulting in silent local file exfiltration from vulnerable browsers such as Firefox.

---

⚠️ Exploit Status: POC

Technical Details

• CWE ID: CWE-346, CWE-22
• Attack Vector: Network
• CVSS v4.0: 8.7
• Impact: Arbitrary Local File Read
• Exploit Status: Proof of Concept (PoC) available
• First Patched Version: 25.09.3

Affected Systems

• Anki Desktop Application (aqt Python module)
• aqt: <= 25.09.2 (Fixed in: 25.09.3)

Code Analysis

Commit: f4692e5

Fix path traversal vulnerabilities and improve path containment check logic

Commit: 858e568

Fix host shadowing bug inside local HTTP request routing logic

Mitigation Strategies

• Upgrade Anki to version 25.09.3 or later
• Avoid running Anki in the background when browsing untrusted websites using Firefox or browsers lacking Private Network Access (PNA) protection
• Utilize Chromium-based web browsers that block public-to-local cross-origin network requests by default

Remediation Steps:

1. Download the patched Anki installation package (version 25.09.3 or higher) from the official repository
2. Replace the existing vulnerable installation of the 'aqt' python module
3. Verify that running processes are restarted so the new mediasrv logic is in effect

References

• GitHub Security Advisory GHSA-869J-R97X-HX2G
• Anki Security Advisory Bulletin
• Anki 25.09.3 Release Notes
• Patch Commit: Secure Path Traversal Checks
• Patch Commit: Host Shadowing Verification Fix
• Tavis Ormandy's Original Disclosure Details on X

---

Read the full report for GHSA-869J-R97X-HX2G on our website for more details including interactive diagrams and full exploit analysis.