CVE-2026-23481

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

blinkospace / blinko< 1.8.4 – < 1.8.4

References

VENDOR_ADVISORYhttps://github.com/blinkospace/blinko/security/advisories/GHSA-38hg-8p2j-76g5
PATCHhttps://github.com/blinkospace/blinko/commit/02a4205f1ad22d0e78dc2ab2967b551d0dbd0a06
PATCHhttps://github.com/blinkospace/blinko/releases/tag/1.8.4