Platform
other
Component
bluvoyix
Fixed in
0.0.1
CVE-2026-22238 describes an authentication bypass vulnerability within the BLUVOYIX admin APIs. This flaw allows an unauthenticated attacker to create new user accounts with administrative privileges, effectively granting them complete control over the platform. The vulnerability impacts versions 0–0 of BLUVOYIX and is addressed with an upgrade to version 0.0.1.
The impact of CVE-2026-22238 is severe. Successful exploitation allows an attacker to bypass authentication entirely and create an administrator account. This grants them unrestricted access to all customer data stored within the BLUVOYIX platform. An attacker could exfiltrate sensitive information, modify data, or even completely disable the service. The ability to create an admin account represents a complete compromise of the targeted environment, enabling persistent access and control. This vulnerability is particularly concerning given the potential for widespread data exposure and disruption of service.
CVE-2026-22238 was publicly disclosed on 2026-01-14. There is currently no indication of active exploitation or a KEV listing. No public proof-of-concept (POC) code is currently available, but the vulnerability's ease of exploitation suggests that a POC could be developed relatively quickly. Organizations using BLUVOYIX should prioritize patching to prevent potential exploitation.
Exploit Status
EPSS
0.24% (47% percentile)
CISA SSVC
The primary mitigation for CVE-2026-22238 is to immediately upgrade BLUVOYIX to version 0.0.1. If upgrading is not immediately feasible, consider implementing strict network segmentation to limit external access to the BLUVOYIX admin APIs. Review and restrict API access controls to ensure only authorized users can access administrative functions. Monitor API logs for suspicious activity, specifically looking for attempts to create new user accounts with elevated privileges. While a WAF might offer some protection, it is not a substitute for patching the underlying vulnerability. After upgrading, verify the fix by attempting to access the admin API without authentication and confirming that user creation is prevented.
Update BLUVOYIX to a patched version that resolves the administrator account creation vulnerability. Contact the vendor, Bluspark Global, for the updated version. Implement robust access controls and authentication in the admin APIs.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-22238 is an authentication bypass vulnerability in BLUVOYIX that allows unauthenticated attackers to create admin users, gaining full control.
If you are using BLUVOYIX versions 0–0, you are affected by this vulnerability and should upgrade immediately.
Upgrade BLUVOYIX to version 0.0.1. If immediate upgrade is not possible, implement network segmentation and restrict API access.
There is currently no confirmed active exploitation, but the vulnerability's ease of exploitation suggests it could be targeted.
Refer to the BLUVOYIX security advisory for details and further guidance: [Assume BLUVOYIX has a public advisory page]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.