Description
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.
Published: 2026-01-14
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized API Access
Action: Assess Impact
AI Analysis

Impact

The documented vulnerability in BLUVOYIX arises because vital internal API documentation is exposed to unauthenticated users. An attacker can send specially crafted HTTP requests to the endpoints revealed by the exposed docs, potentially gaining the ability to manipulate internal processes and data. This flaw allows remote execution of functions that were intended to remain restricted, increasing the risk of data breach or service disruption.

Affected Systems

Bluspark Global’s BLUVOYIX product is affected. No specific version information is supplied in the advisory.

Risk and Exploitability

The CVSS score of 10 classifies the issue as critical, indicating that successful exploitation would have a severe impact on confidentiality, integrity, and availability. The EPSS score is less than 1%, suggesting that real-world exploitation is not yet widespread, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated remote attacker sending HTTP requests to publicly reachable API endpoints that were inadvertently documented. Proper authentication or network isolation would prevent such exploitation, but as currently exposed, any system on which the API is reachable could be abused.

Generated by OpenCVE AI on April 18, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Limit or remove publicly accessible internal API documentation to prevent reuse by attackers
  • Enforce network segmentation or firewall rules that block external access to internal API endpoints
  • Regularly monitor vendor releases and apply any security updates or patches as soon as they become available



Advisories

No advisories yet.

History

Mon, 02 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Blusparkglobal
Blusparkglobal bluvoyix
CPEs cpe:2.3:a:blusparkglobal:bluvoyix:-:*:*:*:*:*:*:*
Vendors & Products Blusparkglobal
Blusparkglobal bluvoyix
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Bluspark Global
Bluspark Global bluvoyix
Vendors & Products Bluspark Global
Bluspark Global bluvoyix

Wed, 14 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.
Title Exposed Internal API Documentation Vulnerability in BLUVOYIX
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: MHV

Published:

Updated: 2026-01-14T15:00:36.337Z

Reserved: 2026-01-06T23:20:59.365Z

Link: CVE-2026-22237

Vulnrichment

Updated: 2026-01-14T15:00:32.736Z

NVD

Status: Analyzed

Published: 2026-01-14T15:16:04.780

Modified: 2026-02-02T15:50:01.883

Link: CVE-2026-22237

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z
