QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-22238

Back to search

CVE-2026-22238

Published: Jan 14, 2026

Modified: Jan 14, 2026

PUBLISHED

Description

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.

VendorProductVersions

Bluspark Global

BLUVOYIX

affected
0

Weaknesses (CWE)

CWE-306
CWE-269

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now