Blinko Unauthorized Access Vulnerability in Comment Feature

Vulnerability

A vulnerability allowing unauthorized access has been identified in Blinko versions prior to 1.8.4. The issue resides in the comment feature, specifically within the /api/v1/comment/create and /api/v1/comment/list endpoints. The vulnerability allows attackers to post comments on any note, including private ones, without authorization. Additionally, it enables unauthorized viewing of comments on all notes.

Impact

Exploitation of this vulnerability allows for unauthorized comment posting and comment viewing on notes, including private ones.

Remediation

Users can update to Blinko version 1.8.4 or later to address this vulnerability.
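
The flaw described above is an authorization check missing from the comment create and list handlers. The sketch below is an added example, not Blinko's code or its 1.8.4 fix: it places a handler that trusts the request's note id beside handlers that authorize against the parent note first. The data model, function names and visibility rule (public notes open to anyone, private notes only to their owner) are assumptions made for illustration.

```typescript
// Added illustration: hypothetical in-memory model, not Blinko's schema or code.
type Note = { id: number; ownerId: number; isPublic: boolean };
type NoteComment = { noteId: number; authorId: number | null; body: string };
type Caller = { userId: number } | null; // null = unauthenticated request

// Constructed sample data: note 1 is shared, note 2 is private to user 10.
const notes: Note[] = [
  { id: 1, ownerId: 10, isPublic: true },
  { id: 2, ownerId: 10, isPublic: false },
];
const comments: NoteComment[] = [
  { noteId: 2, authorId: 10, body: "private remark" },
];

// One authorization decision, shared by the create and list handlers.
// Assumed rule: public notes are open to anyone, private notes to their owner.
function canAccessNote(caller: Caller, noteId: number): boolean {
  const note = notes.filter((n) => n.id === noteId)[0];
  if (!note) return false; // unknown id is denied exactly like a private note
  if (note.isPublic) return true;
  return caller !== null && caller.userId === note.ownerId;
}

// Flawed pattern: the handler trusts the noteId supplied in the request.
function listCommentsUnchecked(_caller: Caller, noteId: number): NoteComment[] {
  return comments.filter((c) => c.noteId === noteId);
}

// Hardened handlers: authorize against the parent note first; null = HTTP 403.
function listCommentsChecked(caller: Caller, noteId: number): NoteComment[] | null {
  if (!canAccessNote(caller, noteId)) return null;
  return comments.filter((c) => c.noteId === noteId);
}

function createCommentChecked(caller: Caller, noteId: number, body: string): NoteComment | null {
  if (!canAccessNote(caller, noteId)) return null;
  const created: NoteComment = { noteId, authorId: caller ? caller.userId : null, body };
  comments.push(created);
  return created;
}
```

Routing both handlers through the same `canAccessNote` decision keeps read and write access from drifting apart, and denying unknown ids the same way as private ones avoids revealing which note ids exist.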

Added: Mar 23, 2026, 9:20 PM
Updated: Mar 23, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.1
remediation: 0.0
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.