PT-2026-27214 · Blinko · Blinko

Tx1Ee

Publicado

2026-03-23

Atualizado

2026-04-28

CVE-2026-23486

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4

Description A publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. The affected software is an AI-powered card note-taking project. The issue was addressed in version 1.8.4. The vulnerable endpoint is not explicitly named, but it allows unauthorized access to user data. The exposed data includes username, role, and account creation date.

Recommendations Update to version 1.8.4 or later.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2026-23486

GHSA-446P-2XF5-FRXF

Produtos afetados

Blinko

PT-2026-27214 · Blinko · Blinko

CVE-2026-23486

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7