CVE-2026-22240

Name of the Vulnerable Software and Affected Versions BLUVOYIX (affected versions not specified)

Description The software contains a flaw related to insecure password storage and exposure through unauthenticated APIs. An unauthenticated remote attacker could potentially retrieve plaintext passwords of users by sending crafted HTTP requests to the users API. Successful exploitation may grant the attacker full access to customer data and complete compromise of the platform, potentially through login using an exposed admin email address and password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.