CVE-2026-23483
Blinko: Unauthorized Arbitrary File Read - /plugins
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
4th
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly available patches.
| CWE | CWE-22 |
| Vendor | blinkospace |
| Product | blinko |
| Published | Mar 23, 2026 |
| Last Updated | Mar 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for blinkospace blinko
Be the first to know when new unknown vulnerabilities affecting blinkospace blinko are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
blinkospace / blinko
<= 1.8.3