CVE-2026-22237 CRITICAL

CVE-2026-22237: Exposed Internal API Documentation Vulnerability in BLUVOYIX

Vendor Bluspark Global

Product BLUVOYIX

Weakness CWE-200 · Info exposure

Published January 14, 2026

Last update January 14, 2026

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:L/U:Amber

What the vulnerability does

01Description

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.

Key dates

02Disclosure timeline

January 14, 2026 CVE published

January 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-22237 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2026-22237: Exposed Internal API Documentation Vulnerability in BLUVOYIX

01Description

02Disclosure timeline

03References

04Related CVE