CVE-2026-23482

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4

Description The file server endpoint does not validate permissions on the temp/ path and does not filter path traversal sequences, potentially allowing unauthorized access to arbitrary files on the server. If scheduled backup tasks are enabled, attackers may be able to read backup files containing user notes and user TOKENS. A path traversal attack exploits a flaw in an application's handling of user-supplied input, allowing attackers to access files and directories outside the intended root directory.

Recommendations Update to version 1.8.4 or later.