Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-23486 PoC — Blinko: Unauthorized User Information Leak

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-23486.yaml
Associated Vulnerability
Title:Blinko: Unauthorized User Information Leak (CVE-2026-23486)
Description:Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endpoint exposes all user information, including usernames, roles, and account creation dates. This issue has been patched in version 1.8.4.
Description
Blinko <= 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges.
File Snapshot

 id: CVE-2026-23486

info:
  name: Blinko <= 1.8.3 - User Information Leak
  author: 0x_Akoko
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →