Description
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform.
Published: 2026-01-14
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Data Compromise
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is rooted in the BLUVOYIX backend APIs, where improper authentication allows an attacker who is not authenticated to send crafted HTTP requests and obtain full access to customer data. The result is a comprehensive compromise of the platform, providing the attacker with the ability to read, modify, or delete sensitive information without authorization.

Affected Systems

The affected system is BLUVOYIX from Bluspark Global. No specific version information was supplied, so the impact applies to all versions of the platform until the vendor releases an official fix.

Risk and Exploitability

The CVSS base score of 10 indicates maximum severity, yet the EPSS score is under 1%, suggesting low current exploitation probability. The vulnerability is not identified in CISA’s KEV list. Attackers would need remote network access to the backend APIs, and the payload is delivered via HTTP requests, implying a network‑based attack vector. Given the high severity and complete loss of data integrity, the overall risk remains critical pending a patch.

Generated by OpenCVE AI on April 18, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade to a fixed version of BLUVOYIX.
  • If no patch is available, restrict external access to the backend API endpoints using firewall rules or network segmentation.
  • Consider blocking or limiting HTTP traffic to the API endpoints until a vendor remediation is applied.



Advisories

No advisories yet.

References
History

Mon, 02 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Blusparkglobal
Blusparkglobal bluvoyix
CPEs cpe:2.3:a:blusparkglobal:bluvoyix:-:*:*:*:*:*:*:*
Vendors & Products Blusparkglobal
Blusparkglobal bluvoyix
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Bluspark Global
Bluspark Global bluvoyix
Vendors & Products Bluspark Global
Bluspark Global bluvoyix

Wed, 14 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform.
Title Improper Authentication Vulnerability in BLUVOYIX
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:M/U:Red'}


MITRE

Status: PUBLISHED

Assigner: MHV

Published:

Updated: 2026-01-14T15:01:50.769Z

Reserved: 2026-01-06T23:20:59.364Z

Link: CVE-2026-22236

Vulnrichment

Updated: 2026-01-14T15:01:47.278Z

NVD

Status: Analyzed

Published: 2026-01-14T15:16:04.580

Modified: 2026-02-02T15:49:19.107

Link: CVE-2026-22236

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses