CVE-2026-23484
Last modified
CVE-2026-23484 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure (normal user), not superAdminAuthMiddleware. At time of publication, there are no publicly available patches.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Blinko | Blinko | < 1.8.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-23484?
How severe is CVE-2026-23484?
How do I fix CVE-2026-23484?
Are you affected by CVE-2026-23484?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST