CVE-2026-23485

Sažetak

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

Reference

https://github.com/blinkospace/blinko/commit/9d6fa80a3e11a99886f90e048657443335fd3e7d
https://github.com/blinkospace/blinko/releases/tag/1.8.4
https://github.com/blinkospace/blinko/security/advisories/GHSA-5x64-pmfq-pw7q

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

24-03-2026 - 18:05

Objavljeno

23-03-2026 - 21:17