CVE-2026-23487

Blinko: IDOR - user.detail Endpoint Leaks Superadmin Token

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token. This issue has been patched in version 1.8.4.

INFO

Published Date :

2026-03-23T20:45:32.635Z

Last Modified :

2026-03-24T18:46:32.047Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-23487 vulnerability.

Vendors	Products
Blinko	Blinko
Blinkospace	Blinko

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23487.

URL	Resource
https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85
https://github.com/blinkospace/blinko/releases/tag/1.8.4
https://github.com/blinkospace/blinko/security/advisories/GHSA-4ffv-78qx-9p66

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact