Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

CVE-2026-23486

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4...

CVE-2026-23486

The CVE-2026-23486 vulnerability affects Blinko prior to version 1.8.4, where a publicly accessible endpoint exposed all user information (usernames, roles, and account creation dates). The issue is caused by an exposed endpoint, with impacts limited to information disclosure (low confidentiality...

PT-2026-27214

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4 Description A publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. The affected software is an AI-powered card note-taking project. The issue was...