aqt
python · aqtHeads-up
aqt: Localhost API access via iframes in editor
Anki's webview-based pages communicate with the Rust backend using an internal localhost API.
20 Jun 2026 · schedule it
python · aqtCritical
aqt (Anki) 25.09.3 fixes Origin validation and path traversal
Anki's local HTTP server had insufficient Origin header validation and path traversal vulnerabilities, allowing malicious websites
20 Jun 2026 · act now