CVE-2026-23484

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.3

Description The fileName parameter in Blinko is not properly filtered, which allows for path traversal. This enables unauthorized writing of files to any location within the file system. The affected interface only requires standard user authentication (authProcedure) and does not enforce super administrator authentication (superAdminAuthMiddleware).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.