CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-23485

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.4%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/blinkospace/blinko/commit/9d6fa80a3e11a99886f90e048657443335fd3e7d
https://github.com/blinkospace/blinko/releases/tag/1.8.4
https://github.com/blinkospace/blinko/security/advisories/GHSA-5x64-pmfq-pw7q

Products affected by CVE-2026-23485

Blinko » Blinko » Version: Any

cpe:2.3:a:blinko:blinko:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23485

Products

Pricing

Contact Us