CVE-2026-23485

MEDIUM blinko NVD

CVSS Score 5.3

Severity MEDIUM

Published Mar 23, 2026

Vendor blinko

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

References

https://github.com/blinkospace/blinko/commit/9d6fa80a3e11a99886f90e048657443335fd3e7d
https://github.com/blinkospace/blinko/releases/tag/1.8.4
https://github.com/blinkospace/blinko/security/advisories/GHSA-5x64-pmfq-pw7q