
Blinko EUVD-2026-14539

CVE-2026-23485 · MEDIUM 5.3 (CVSS 3.1 · GitHub Advisory)
Path Traversal (CWE-22)
2026-03-23 · GitHub_M

Severity by source

GitHub Advisory (primary): 5.3 MEDIUM · AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: Apr 16, 2026 - 05:29 (EUVD) · version 1.8.4
EUVD ID Assigned: Mar 23, 2026 - 21:00 (euvd) · EUVD-2026-14539
Analysis Generated: Mar 23, 2026 - 21:00 (vuln.today)
CVE Published: Mar 23, 2026 - 20:50 (nvd) · MEDIUM 5.3

Description (GitHub Advisory)

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4.

Analysis (AI-generated)

Blinko, an AI-powered card note-taking application, contains a path traversal vulnerability in the filePath parameter that allows unauthenticated remote attackers to enumerate file existence on the server through differential error responses. Versions prior to 1.8.4 are affected, and an attacker can leverage this vulnerability to discover sensitive files and directories without authentication or user interaction. …


Vulnerability Assessment (AI-generated)

Risk Assessment: While the CVSS 6.9 score reflects the network-accessible nature and lack of privilege requirements (AV:N, PR:N, UI:N), the actual real-world risk is moderate. …

Exploit Scenario: An unauthenticated attacker probes the Blinko application by submitting HTTP requests with payloads such as 'filePath=../../../../etc/passwd' and observes the server's error responses. By comparing response codes and error messages (e.g., 'file not found' versus 'access denied'), the attacker maps the server's file system structure and identifies the existence of sensitive files such as configuration files, private keys, or database files. …

Remediation: Upgrade Blinko to version 1.8.4 or later immediately by downloading the patched release from https://github.com/blinkospace/blinko/releases/tag/1.8.4. …
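The description and exploit scenario above both hinge on two defects: a filePath value that is resolved without a containment check, and error responses that differ depending on why the read failed. The handler below is an added illustration of the corresponding hardening and is not Blinko's own code (the project's real storage layout and fix are not on this page; UPLOAD_ROOT, the sample files and the function names are constructed for the example): filePath is resolved against a fixed root, anything that escapes the root is refused, and every failure returns the same response, so the existence oracle disappears.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Constructed sandbox standing in for the upload directory. Blinko's real storage
// layout is not on the page, so UPLOAD_ROOT and the sample files are illustrative.
export const UPLOAD_ROOT: string = fs.mkdtempSync(path.join(os.tmpdir(), "blinko-demo-"));
export const OUTSIDE_FILE: string = UPLOAD_ROOT + "-secret.txt"; // sibling of the root
fs.writeFileSync(path.join(UPLOAD_ROOT, "note.txt"), "hello");
fs.writeFileSync(OUTSIDE_FILE, "exists, but must stay unreachable");
// The filePath value a traversal attempt would carry to reach OUTSIDE_FILE.
export const OUTSIDE_TRAVERSAL: string = "../" + path.basename(OUTSIDE_FILE);

export type ServeResult = { status: 200; body: string } | { status: 404; body: "not found" };
const NOT_FOUND: ServeResult = { status: 404, body: "not found" };

// Resolve filePath against root; return null unless the result is strictly inside it.
// Symlinks are not followed here; a real service should also compare realpath() results.
export function resolveWithinRoot(root: string, filePath: string): string | null {
  const base = path.resolve(root);
  const target = path.resolve(base, filePath); // an absolute filePath would replace base
  const rel = path.relative(base, target);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Hardened read handler: containment check first, then one uniform failure response.
// "Rejected traversal", "missing file" and "unreadable file" are indistinguishable
// to the client, which removes the differential-error oracle the advisory describes.
export function serveFile(filePath: string): ServeResult {
  const target = resolveWithinRoot(UPLOAD_ROOT, filePath);
  if (target === null) return NOT_FOUND;
  try {
    return { status: 200, body: fs.readFileSync(target, "utf8") };
  } catch {
    return NOT_FOUND; // ENOENT, EISDIR and EACCES all collapse to the same answer
  }
}
```

Note that OUTSIDE_FILE really exists on disk, so the traversal request and a request for a non-existent file producing byte-identical responses is the property being checked.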

Recommended Action (AI-generated)

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …


EUVD-2026-14539 vulnerability details – vuln.today
