Path Traversal in Blinkospace Blinko

CVE-2026-23484

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProc…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

Blinkospace Blinko — versions <= 1.8.3

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/blinkospace/blinko/security/advisories/GHSA-7v3f-v6vf-jm9q (x_refsource_CONFIRM)