GHSA-CW6H-FFMH-X6VH: Arbitrary Local File Disclosure via Same-Origin Policy Bypass in Anki Desktop
Vulnerability ID: GHSA-CW6H-FFMH-X6VH
CVSS Score: 6.5
Published: 2026-06-19
Anki Desktop for Windows, macOS, and Linux is vulnerable to local file disclosure and data exfiltration due to an iframe-based Same-Origin Policy (SOP) bypass. Maliciously crafted user scripts inside imported deck files run within the localhost context, bypassing security filters to query internal endpoints and read arbitrary system files.
TL;DR
User-supplied HTML and SVG files within imported Anki decks can bypass Same-Origin Policy protections inside Anki's local media server, enabling unauthenticated reads of sensitive local files and immediate out-of-band data exfiltration.
Technical Details
- CWE ID: CWE-346 / CWE-22
- Attack Vector: Network
- CVSS Score: 6.5
- Exploit Status: Proof-of-Concept Available
- KEV Status: Not Listed
Affected Systems
- Anki Desktop for Windows
- Anki Desktop for macOS
- Anki Desktop for Linux
- aqt Python module: <= 25.09.3 (fixed in 25.09.4)
Code Analysis
Commit: 8f39ce8
Harden media server with sandbox CSP and origin validation
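To make the two controls named in the fix commit concrete (a sandbox CSP on user-supplied active content, and validation of the request origin), here is an added example of a hardened request handler for a localhost media server. It is not Anki's code: MEDIA_ROOT, ALLOWED_ORIGIN and the handle() function are assumptions, and the path-containment check is included because the advisory also lists CWE-22.

```python
# Illustrative hardening for a localhost media server (added example, not Anki's code).
import os
from http import HTTPStatus
from urllib.parse import urlparse

MEDIA_ROOT = os.path.realpath("./media")          # assumed media directory
ALLOWED_ORIGIN = "http://127.0.0.1:8000"          # assumed origin of the app's own pages
ACTIVE_CONTENT = {".html", ".htm", ".xhtml", ".svg"}  # types that can carry scripts


def safe_media_path(requested: str):
    """Resolve a request path under MEDIA_ROOT; None if it escapes the root (CWE-22)."""
    candidate = os.path.realpath(os.path.join(MEDIA_ROOT, requested.lstrip("/")))
    if os.path.commonpath([MEDIA_ROOT, candidate]) != MEDIA_ROOT:
        return None
    return candidate


def origin_allowed(headers: dict) -> bool:
    """Reject requests whose Origin/Referer is not the app's own origin (CWE-346)."""
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return True  # plain navigation; scripted cross-origin fetches carry Origin/Referer
    parsed = urlparse(origin)
    return f"{parsed.scheme}://{parsed.netloc}" == ALLOWED_ORIGIN


def response_headers(path: str) -> dict:
    """Serve user-supplied HTML/SVG with an opaque origin so it cannot reach localhost endpoints."""
    headers = {"X-Content-Type-Options": "nosniff"}
    if os.path.splitext(path)[1].lower() in ACTIVE_CONTENT:
        # 'sandbox' without allow-same-origin gives the document a unique origin,
        # so scripts inside imported media are cut off from the server's own API.
        headers["Content-Security-Policy"] = "sandbox"
    return headers


def handle(requested: str, headers: dict):
    """Return (status, response headers) for a media request; file I/O is left to the caller."""
    if not origin_allowed(headers):
        return HTTPStatus.FORBIDDEN, {}
    path = safe_media_path(requested)
    if path is None:
        return HTTPStatus.NOT_FOUND, {}
    return HTTPStatus.OK, response_headers(path)
```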
Mitigation Strategies
- Update Anki Desktop to version 25.09.4 or higher.
- Do not import untrusted card packages (.apkg) from unverified third-party sources.
- Use a personal firewall to block anomalous outbound connections from the local Anki process.
Remediation Steps
- Download the verified package for version 25.09.4 or above.
- Run the installer so that the updated media server, with its server-level CSP controls, replaces the vulnerable version.
- Review profile directories and remove imported media files that are no longer needed.
References
- GitHub Security Advisory GHSA-CW6H-FFMH-X6VH
- Anki Security Advisory for GHSA-cw6h-ffmh-x6vh
- Anki Fix Commit 8f39ce82d575434319e479bb94f43de28523c6eb