Blinko Path Traversal Vulnerability in Plugin File Server Endpoint
Vulnerability
A path traversal vulnerability has been identified in Blinko versions through 1.8.3. The issue arises in the plugin file server endpoint, where the server concatenates file paths using the join() function without properly validating whether the resulting path resides within the designated plugins directory. This oversight allows for unauthorized access to arbitrary files within the plugins directory.
Impact
Exploitation of this vulnerability could lead to unauthorized arbitrary file read within the plugins directory.
Added: Mar 23, 2026, 9:24 PM
Updated: Mar 23, 2026, 9:24 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 4.2
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
