PT-2026-27206 · Blinko · Blinko
Tx1Ee
Published: 2026-03-23 · Updated: 2026-04-30
CVE-2026-23483
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Blinko versions prior to 1.8.3
Description
Blinko is an AI-powered card note-taking project. The vulnerable API endpoint is the plugin file server endpoint: it uses the join() function to concatenate paths but does not verify that the final path is within the plugins directory, leading to a path traversal issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
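The missing containment check described above, shown as an added example (not Blinko's code): a join()-only resolver beside one that rejects any path resolving outside the plugins directory. PLUGIN_DIR, the function names and the sample paths are assumptions constructed for illustration.

```javascript
// Added example; names and paths are hypothetical, not taken from Blinko.
// POSIX flavour of path so the constructed sample paths behave the same on any host.
const path = require('node:path').posix;

const PLUGIN_DIR = '/srv/app/plugins'; // constructed plugins directory

// Pattern from the description: join() normalises ".." segments,
// so the returned path can sit outside PLUGIN_DIR.
function resolveUnsafe(requested) {
  return path.join(PLUGIN_DIR, requested);
}

// Hardened form: resolve the path, then require that it stays under PLUGIN_DIR.
// Returns the absolute file path, or null when the request must be refused.
function resolveSafe(requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const base = path.resolve(PLUGIN_DIR);
  const target = path.resolve(base, requested);
  // relative() gives "" for the directory itself and "../..." for anything
  // outside it. A plain target.startsWith(base) test would wrongly accept
  // a sibling such as /srv/app/plugins-old.
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('../') || path.isAbsolute(rel)) {
    return null;
  }
  // If symlinks can exist under PLUGIN_DIR, also compare fs.realpathSync(target)
  // against the real base before opening the file.
  return target;
}

// Constructed requests: one legitimate, three that must be refused.
const samples = ['demo/index.js', '../../../etc/passwd', '../plugins-old/x.js', '/etc/passwd'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolveUnsafe(s), '|', resolveSafe(s));
}
```
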
Exploit
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Blinko