Path Traversal in Blinkospace Blinko
CVE-2026-23483
Blinko is an AI-powered card note-taking project. In versions 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify that the final path is within the plugins directory, leading to path tra…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.022 (84.6th percentile)
Affected products
- Blinkospace Blinko — versions <= 1.8.3
Weakness classification (CWE)
References
- https://github.com/blinkospace/blinko/security/advisories/GHSA-54c7-9gxh-fg9v (x_refsource_CONFIRM)