QwikSec

Security Database

CVE

CWE

Training

CVE-2026-23483

Published: Mar 23, 2026

Modified: Mar 24, 2026

PUBLISHED

Description

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly available patches.

Vendor	Product	Versions
blinkospace	blinko	affected `<= 1.8.3`

Weaknesses (CWE)

References

https://github.com/blinkospace/blinko/security/advisories/GHSA-54c7-9gxh-fg9v

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-23483 - Security Vulnerability | QwikSec