CVE-2026-23485

UNKNOWN 0.0

Blinko: Unauthorized Path Traversal File Enumeration - music-metadata

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

18th

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

CWE	CWE-22
Vendor	blinkospace
Product	blinko
Published	Mar 23, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for blinkospace blinko

Be the first to know when new unknown vulnerabilities affecting blinkospace blinko are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

blinkospace / blinko

< 1.8.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/blinkospace/blinko/security/advisories/GHSA-5x64-pmfq-pw7q github.com: https://github.com/blinkospace/blinko/commit/9d6fa80a3e11a99886f90e048657443335fd3e7d github.com: https://github.com/blinkospace/blinko/releases/tag/1.8.4