Primary

Context

Anubis Bot Protection Bypass Vulnerability

Vulnerability

A vulnerability in Anubis, a tool designed to protect against AI scrapers, allows attackers to bypass bot protection mechanisms. This issue arises from the server accepting client-specified difficulty values for proof-of-work challenges, which can be manipulated to ease the scraping process. The vulnerability is present in versions prior to v1.11.0-37-gd98d70a.

Impact

Exploitation of this vulnerability allows sophisticated attackers to bypass bot protection on targeted websites, potentially leading to increased scraping activities.

Reproduction

To reproduce this vulnerability, request a proof-of-work challenge from a server using Anubis. When the challenge is issued, specify a nonce of your choice and set the difficulty to zero. The server will accept this manipulated challenge, effectively bypassing the bot protection.

Remediation

Users should upgrade to Anubis version v1.11.0-37-gd98d70a or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.9

exploitability

6.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.9

exploitability

6.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Anubis Bot Protection Bypass Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating