Bluvoyix
CVE-2026-22237
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.
AnalysisAI
BLUVOYIX exposes internal API documentation publicly, allowing attackers to discover and abuse internal functionality.
Technical ContextAI
Sensitive API documentation is accessible without authentication (CWE-200).
RemediationAI
Restrict API documentation access. Implement authentication.
BLUVOYIX admin APIs allow unauthenticated creation of admin users, enabling complete platform takeover.
BLUVOYIX platform has unauthenticated API access allowing full customer data extraction and platform compromise.
Bluvoyix stores user passwords in plaintext and exposes them through unauthenticated APIs, allowing remote attackers to
BLUVOYIX's email sending API contains design flaws that permit unauthenticated attackers to send arbitrary emails on beh
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today