Unrated severityNVD Advisory· Published Mar 23, 2026· Updated Mar 24, 2026
Blinko: Admin RCE - MCP Server Command Injection
CVE-2026-23882
Description
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- blinkospace/blinkov5Range: < 1.8.4
Patches
Vulnerability mechanics
References
3- github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85mitrex_refsource_MISC
- github.com/blinkospace/blinko/releases/tag/1.8.4mitrex_refsource_MISC
- github.com/blinkospace/blinko/security/advisories/GHSA-59r2-82p8-c56vmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.