Unrated severityNVD Advisory· Published Mar 23, 2026· Updated Mar 25, 2026

Blinko: Authenticated Arbitrary File Write - saveDevPlugin

CVE-2026-23484

Description

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure (normal user), not superAdminAuthMiddleware. At time of publication, there are no publicly available patches.

Affected products

Blinko/Blinkollm-fuzzy
Range: <=1.8.3
blinkospace/blinkov5
Range: <= 1.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/blinkospace/blinko/security/advisories/GHSA-7v3f-v6vf-jm9qmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000