CVE-2026-22238

Critical CVSS: 10.0

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.

Vendor

Blusparkglobal

Product

Bluvoyix

CWE

CWE-269

Yayın Tarihi

2026-01-14 15:16:05

Güncelleme

2026-02-02 15:51:24

Source Identifier

56a186b1-7f5e-4314-ba38-38d5499fccfd

KEV Date Added

Kategoriler

CWE-269 Bluvoyix CRITICAL Blusparkglobal 2026

Referanslar

https://blusparkglobal.com/bluvoyix/

Benzer Kayıtlar

Critical

CVE-2026-22239

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker co…

Critical

CVE-2026-22240

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unau…

Critical

CVE-2026-22236

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated rem…

Critical

CVE-2026-22237

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated rem…