CVE-2026-22237CRITICAL 9.8EPSS p33.6%

CVE-2026-22237CVE-2026-22237

Description

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.42% probability of exploitation · percentile 33.6% · 2026-06-19T12:03:05Z
Published2026-01-14
Last modified2026-02-02

Underlying weaknesses· 1

CWE-200

References

  1. https://blusparkglobal.com/bluvoyix/

1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-2000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22236
CVE
CVE-2026-22238
CVE
CVE-2025-25268
CVE
CVE-2025-12477
CVE
CVE-2026-23899
CVE
CVE-2026-41032
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.