CVE-2026-23882 in blinkospace blinkoinfo

Summary

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.

Responsible

GitHub_M

Reservation

01/16/2026

Disclosure

03/23/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
352607	blinkospace blinko Model Context Protocol os command injection	78	Not defined	Official fix	CVE-2026-23882

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!