CRITICAL🇵🇱 Wersja polska

CVE-2026-22237

CVSS 10.0v4.0pub. 2026-01-14upd. 2026-02-02

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.

🤖 AI Analysis
How it works

Internal API documentation is available without authentication, revealing details about the operation and structure of the product's programming interfaces. An unauthenticated attacker remotely sends specially crafted HTTP requests to the endpoints described in this documentation. By abusing the disclosed internal functions, it is possible to cause damage to the attacked platform.

Impact

An attacker can remotely abuse internal functions of the BLUVOYIX platform without any authentication, causing damage to its operation, data integrity, and service availability. Due to full impact on the confidentiality, integrity, and availability of both the target system and related systems, the consequences may be critical in nature.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Additionally, it is recommended to restrict access to API documentation exclusively for authenticated and authorized users, and to monitor HTTP traffic directed to internal API endpoints.

Who is affected

Blusparkglobal BLUVOYIX product — specific versions were not indicated in the description; details available in manufacturer references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber
  • Blusparkglobal Bluvoyix

    APP
    Blusparkglobal
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-22236CRITICAL10.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia w Blusparkglobal BLUVOYIX (Auth Bypass)

CVE-2026-22238CRITICAL10.0PL ✓ten sam produkt

Brak uwierzytelnienia w admin API Blusparkglobal BLUVOYIX — pełne przejęcie platformy

CVE-2026-22239CRITICAL10.0PL ✓ten sam produkt

Blusparkglobal Bluvoyix — niekontrolowane wysyłanie e-maili przez API

CVE-2026-22240CRITICAL10.0PL ✓ten sam produkt

BLUVOYIX: ujawnienie haseł w postaci jawnej przez nieuwierzytelnione API