Home / Vulnerability Intelligence / CVE-2026-23480

CVE-2026-23480 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 24, 2026

Blinko - Privilege Escalation

Published: March 23, 2026Updated: March 24, 2026Remote Exploitable

Overview

Blinko < 1.8.4 contains a privilege escalation vulnerability caused by missing superAdminAuthMiddleware and lack of ownership verification in upsertUser endpoint, letting authenticated users modify other users' passwords and escalate privileges.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Authenticated users can escalate privileges to superadmin and take over any account, leading to complete account compromise.

Mitigation

Update to version 1.8.4 or later.

References

https://github.com/blinkospace/blinko/commit/3afbdf486b6f371bdac5781dea6289749f2c4c03
https://github.com/blinkospace/blinko/releases/tag/1.8.4
https://github.com/blinkospace/blinko/security/advisories/GHSA-r3mv-q7ww-86p6

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-23480
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: confirmed

CWE

CWE-288

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H