PT-2026-2862 · Bluvoyix · Bluvoyix
Eaton Zveare
·
Published
2026-01-14
·
Updated
2026-01-14
·
CVE-2026-22239
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:H/U:Amber |
Name of the Vulnerable Software and Affected Versions
BLUVOYIX (affected versions not specified)
Description
A design flaw in the email sending API of BLUVOYIX allows an unauthenticated remote attacker to send specially crafted HTTP requests to the vulnerable API. Successful exploitation could enable the attacker to send unsolicited emails to any recipient on behalf of the company. The vulnerable API endpoint is the email sending API. The attack involves sending crafted HTTP requests.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bluvoyix