Blinko IDOR Vulnerability in User Detail Endpoint Allows Superadmin Token Leakage

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Blinko versions prior to 1.8.4. The issue arises in the user.detail endpoint, where the superadmin token is improperly exposed. This vulnerability allows any authenticated user to access the superadmin's permanent API token, leading to unauthorized escalation of privileges and the ability to perform all superadmin operations.
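As an added illustration (not Blinko's own code), the pair of handlers below shows the pattern the advisory describes next to the two controls that close it: an object-level authorization check on the requested user id, and an explicit field allowlist so a permanent API token is never serialized into a detail response. All names (UserRecord, userDetailVulnerable, userDetailHardened, apiToken) and the in-memory store are hypothetical.

```typescript
// Added example, not Blinko's code. Names and the in-memory store are
// hypothetical; token values are constructed placeholders.

type Role = "superadmin" | "user";

interface UserRecord {
  id: number;
  name: string;
  role: Role;
  apiToken: string; // permanent secret; must never leave the server
}

// Constructed in-memory store standing in for the database.
const USERS: Record<number, UserRecord> = {
  1: { id: 1, name: "admin", role: "superadmin", apiToken: "TOKEN-PLACEHOLDER-ADMIN" },
  2: { id: 2, name: "alice", role: "user", apiToken: "TOKEN-PLACEHOLDER-ALICE" },
};

// Response shape built from an explicit allowlist of fields; apiToken cannot
// end up in it by accident.
interface UserDetailDto {
  id: number;
  name: string;
  role: Role;
}

class ForbiddenError extends Error {}

// Vulnerable pattern: any authenticated caller may look up any id, and the raw
// record, token included, is returned.
function userDetailVulnerable(_callerId: number, targetId: number): UserRecord {
  const target = USERS[targetId];
  if (!target) throw new Error("not found");
  return target;
}

// Hardened pattern: object-level authorization (self or superadmin only) plus
// field allowlisting, so even an authorized caller never receives the token.
function userDetailHardened(callerId: number, targetId: number): UserDetailDto {
  const caller = USERS[callerId];
  if (!caller) throw new ForbiddenError("unauthenticated");
  if (caller.id !== targetId && caller.role !== "superadmin") {
    throw new ForbiddenError("not allowed to view this user");
  }
  const target = USERS[targetId];
  if (!target) throw new Error("not found");
  const { id, name, role } = target;
  return { id, name, role };
}
```

The hardened form applies both controls independently: the allowlist protects the response even when the authorization check is later relaxed or bypassed by another bug.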

Impact

Exploitation of this vulnerability allows any authenticated user to obtain the superadmin's API token, facilitating an immediate escalation of privileges to superadmin status.

Remediation

Users can upgrade to Blinko version 1.8.4 or later to address this vulnerability.

Added: Mar 23, 2026, 9:20 PM
Updated: Mar 23, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.9
remediation: 0.0
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.