Blinko Authenticated Arbitrary File Write Vulnerability in saveAdditionalDevFile Endpoint

Vulnerability

A path traversal vulnerability that allows authenticated users to write arbitrary files has been identified in Blinko versions prior to 1.8.4. The issue resides in the saveAdditionalDevFile endpoint, where user input is not properly validated. This lets low-privileged users overwrite sensitive files or execute malicious scripts.

Impact

Exploitation of this vulnerability could lead to unauthorized file writes, with potential consequences such as overwriting SSH keys, modifying system configurations, or writing cron tasks that could be used to execute commands remotely.

Remediation

Users can upgrade to Blinko version 1.8.4 or later to address this vulnerability.
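
For teams reviewing their own file-write endpoints for the same class of bug, the following added example (not Blinko's code and not its actual fix) contrasts an unvalidated path join with a containment check. UPLOAD_ROOT, naiveTarget, resolveInside, classify and the sample paths are hypothetical names and constructed values.

```javascript
// Added example, not Blinko's code. All names and paths are hypothetical.
const path = require('node:path').posix; // POSIX rules, for repeatable output

const UPLOAD_ROOT = '/srv/app/dev-files'; // assumed storage root

// Unsafe pattern: join() normalises ".." segments, so the result can
// land outside UPLOAD_ROOT.
function naiveTarget(userPath) {
  return path.join(UPLOAD_ROOT, userPath);
}

// Hardened pattern: resolve first, then require the result to sit
// strictly below the root before any write is attempted.
function resolveInside(root, userPath) {
  if (typeof userPath !== 'string' || userPath.length === 0) {
    throw new Error('path must be a non-empty string');
  }
  if (userPath.includes('\0')) {
    throw new Error('NUL byte in path');
  }
  const base = path.resolve(root);
  const target = path.resolve(base, userPath); // absolute input replaces base
  // relative() yields "" for the root itself and "../..." for anything
  // outside it. A plain startsWith(base) test would wrongly accept a
  // sibling directory such as "/srv/app/dev-files-old".
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('../')) {
    throw new Error('path escapes storage root');
  }
  return target;
}

// Run each candidate through the check and record the outcome.
function classify(samples) {
  return samples.map((p) => {
    try {
      return { input: p, ok: true, target: resolveInside(UPLOAD_ROOT, p) };
    } catch (err) {
      return { input: p, ok: false, reason: err.message };
    }
  });
}

// Constructed sample inputs, not taken from the advisory.
const SAMPLES = ['notes/a.js', 'a/../b.js', '../dev-files-old/x',
  '../../tmp/outside.txt', '/tmp/outside.txt', '.'];
console.log(classify(SAMPLES));
```

The check is purely lexical: if symbolic links can exist under the storage root, the resolved path of the parent directory must also be compared against the root before writing.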

Added: Mar 23, 2026, 9:26 PM
Updated: Mar 23, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 6.6
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.