What is the CVSS score of EUVD-2026-14541?

EUVD-2026-14541 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Blinko are affected by EUVD-2026-14541?

Organizations using Blinko should be aware of moderate risk from CVE-2026-23486, a information exposure vulnerability rated CVSS 5.3. Sensitive information could be exposed to unauthorized parties.. A patch is available.

Is there a public PoC exploit available for EUVD-2026-14541?

Yes, a public proof-of-concept exploit is available for EUVD-2026-14541. Prioritise patching immediately. EPSS: 0.0%.

Blinko EUVD-2026-14541

| CVE-2026-23486 MEDIUM

Information Exposure (CWE-200)

2026-03-23 GitHub_M

Information Disclosure Blinko

5.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.8.4

EUVD ID Assigned

Mar 23, 2026 - 21:00 euvd

EUVD-2026-14541

Analysis Generated

Mar 23, 2026 - 21:00 vuln.today

CVE Published

Mar 23, 2026 - 20:42 nvd

MEDIUM 5.3

DescriptionGitHub Advisory

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4.

AnalysisAI

A publicly accessible endpoint in Blinko prior to version 1.8.4 discloses sensitive user information including usernames, roles, and account creation dates without requiring authentication, allowing unauthenticated attackers to enumerate all user accounts. This information disclosure vulnerability (CWE-200) affects Blinko versions below 1.8.4 and has been patched in the latest release. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 6.9 (Medium) score reflects a network-accessible vulnerability with low attack complexity and no privilege requirements, but limited scope (information disclosure only, no integrity or availability impact). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker performs a simple HTTP GET request to the publicly accessible endpoint (e.g., /api/users or similar) without authentication and receives a JSON response containing all registered user accounts with their usernames, roles, and creation dates. The attacker uses this information to build a comprehensive user directory, identify administrative accounts by role, and target high-value accounts with phishing or credential stuffing attacks. …
Remediation	Immediately upgrade Blinko to version 1.8.4 or later, which includes the security patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-14541 vulnerability details – vuln.today

Back

Blinko EUVD-2026-14541

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code