CVE-2026-23486

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4

Description A publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. The affected software is an AI-powered card note-taking project. The issue was addressed in version 1.8.4. The vulnerable endpoint is not explicitly named, but it allows unauthorized access to user data. The exposed data includes username, role, and account creation date.

Recommendations Update to version 1.8.4 or later.