anonhaven
Ad

CVE-2026-23487

MEDIUM CVSS 4.0: 6.0 EPSS 0.04%
Updated Mar 24, 2026
Blinko
Parameter Value
CVSS 6.0 (MEDIUM)
Affected Versions before 1.8.4
Fixed In 1.8.4
Type CWE-639 (Authorization Bypass)
Vendor Blinko
Public PoC No

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token. This issue has been patched in version 1.8.4.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-639 Authorization Bypass

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Blinko Blinko
cpe:2.3:a:blinko:blinko:*:*:*:*:*:*:*:*
 1.8.4

References 3

https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd9…
security-advisories@github.com
https://github.com/blinkospace/blinko/releases/tag/1.8.4
security-advisories@github.com
https://github.com/blinkospace/blinko/security/advisories/GHSA-4ffv-78qx-9p66
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-23882

Blinko

8.6

CVE-2026-23488

Blinko

6.9

CVE-2026-23486

Blinko

6.9

CVE-2026-23485

Blinko

6.9

CVE-2026-23484

Blinko

5.3