CVE-2026-23882

HighRCE

Published: 23 March 2026

Published

23 March 2026

Modified

24 March 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0008 22.5th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23882 is a high-severity OS Command Injection (CWE-78) vulnerability in Blinko Blinko. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires validation of information inputs to the MCP server creation function, directly preventing arbitrary command injection by rejecting malicious commands and arguments.

SI-2 Flaw Remediation good match

prevent

SI-2 ensures timely identification, reporting, and correction of flaws like this command injection vulnerability through patching to Blinko v1.8.4.

AC-6 Least Privilege partial match

prevent

AC-6 enforces least privilege, limiting the high-privilege (PR:H) access needed to exploit the MCP server creation function for command injection.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Command injection (CWE-78) in server function enables network-based arbitrary command execution as high-priv user, directly facilitating T1190 (public-facing app exploitation) and T1059 (command/script interpreter abuse).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.

Deeper analysisAI

CVE-2026-23882 is a command injection vulnerability (CWE-78) in Blinko, an AI-powered card note-taking project. In versions prior to 1.8.4, the MCP (Model Context Protocol) server creation function allows users to specify arbitrary commands and arguments, which are executed when testing the connection. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Attackers with high privileges (PR:H), such as authenticated users with elevated access, can exploit this over the network with low complexity and no user interaction required. Successful exploitation enables arbitrary command execution on the target system, resulting in high impacts to confidentiality, integrity, and availability.

The issue has been patched in Blinko version 1.8.4. Mitigation involves updating to this version or later. Details are provided in the GitHub security advisory (GHSA-59r2-82p8-c56v), release notes for v1.8.4, and the patching commit (bef6b770743e87c630db2d00d7049dabd96bfe85).