CVE-2026-22238

Name of the Vulnerable Software and Affected Versions BLUVOYIX (affected versions not specified)

Description A flaw exists in BLUVOYIX due to inadequate authentication within the BLUVOYIX admin APIs. An attacker without authentication can exploit this by sending crafted HTTP requests to the vulnerable admin API. This allows the creation of a new user with administrative privileges, potentially granting the attacker full access to customer data and complete compromise of the platform. The vulnerable API allows unauthorized user creation with admin rights. The affected API endpoint is the BLUVOYIX admin API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.