CVE-2026-23487

UNKNOWN 0.0

Blinko: IDOR - user.detail Endpoint Leaks Superadmin Token

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

11th

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token. This issue has been patched in version 1.8.4.

CWE	CWE-639
Vendor	blinkospace
Product	blinko
Published	Mar 23, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for blinkospace blinko

Be the first to know when new unknown vulnerabilities affecting blinkospace blinko are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

blinkospace / blinko

< 1.8.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/blinkospace/blinko/security/advisories/GHSA-4ffv-78qx-9p66 github.com: https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85 github.com: https://github.com/blinkospace/blinko/releases/tag/1.8.4