CVE-2026-23487

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4

Description Blinko is an AI-powered card note-taking project. A security issue exists where the user.detail API endpoint improperly reveals the superadmin token due to an IDOR (Insecure Direct Object Reference) condition. This allows unauthorized access to sensitive administrative functions.

Recommendations Update to version 1.8.4 or later.