PT-2026-27217 · Blinko · Blinko

Tx1Ee · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-23882

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Blinko versions prior to 1.8.4

Description

Blinko is an AI-powered card note-taking project. The server creation function for the Model Context Protocol (MCP) allows specification of arbitrary commands and arguments. These commands are executed during connection testing. This allows for potential remote code execution.

Recommendations

Update to version 1.8.4 or later.

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2026-23882
GHSA-59R2-82P8-C56V

Affected products

Blinko