← Volver a CVEs
CVE-2026-22240
HIGH7.5
Descripcion
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/14/2026
Ultima modificacion2/2/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
blusparkglobal:bluvoyix
Debilidades (CWE)
CWE-200CWE-312CWE-522CWE-522
Referencias
https://blusparkglobal.com/bluvoyix/(56a186b1-7f5e-4314-ba38-38d5499fccfd)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.