CVE-2026-23483 in blinkoinfo

Zusammenfassung

von MITRE • 23.03.2026

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly available patches.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

13.01.2026

Veröffentlichung

23.03.2026

Moderieren

akzeptiert

Eintrag

VDB-352625

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

5.3 (NVD)

EPSS

0.02152

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23483
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23483
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23483/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!