CVE-2026-23882

N/A Unknown

Published: March 23, 2026 Modified: March 23, 2026

Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85

Source: security-advisories@github.com

https://github.com/blinkospace/blinko/releases/tag/1.8.4

Source: security-advisories@github.com

https://github.com/blinkospace/blinko/security/advisories/GHSA-59r2-82p8-c56v

Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-78

Related CVEs

CVE-2026-4597 6.3

CVE-2026-4368 N/A

CVE-2026-3055 N/A

CVE-2026-23488 N/A

CVE-2026-23487 N/A