Path Traversal in Blinkospace Blinko

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read a…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.167 (95.1th percentile) — read the EPSS interpretation.

Affected products

Blinkospace Blinko — versions < 1.8.4

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/blinkospace/blinko/security/advisories/GHSA-hrwx-rhrx-f9mm (x_refsource_CONFIRM)
https://github.com/blinkospace/blinko/commit/c48851090767feba431418630c495d90a7da1781 (x_refsource_MISC)
https://github.com/blinkospace/blinko/releases/tag/1.8.4 (x_refsource_MISC)