Unrated severityNVD Advisory· Published Mar 23, 2026· Updated Mar 24, 2026
Blinko: Unauthorized Arbitrary File Read - /plugins
CVE-2026-23483
Description
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly available patches.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- blinkospace/blinkov5Range: <= 1.8.3
Patches
Vulnerability mechanics
References
1- github.com/blinkospace/blinko/security/advisories/GHSA-54c7-9gxh-fg9vmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.