{"cve":{"cve_id":"CVE-2026-22237","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00422,"epss_percentile":0.33651,"epss_as_of":"2026-06-23","description":"The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.","published_at":"2026-01-14T14:36:47.670000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":10.0,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:L/U:Amber","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-200"],"nvd_references":["https://blusparkglobal.com/bluvoyix/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:09.411477Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"H","value_label":"High"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"H","value_label":"High"},{"metric":"SA","name":"Availability (Subsequent System)","value":"H","value_label":"High"},{"metric":"RE","name":"RE","value":"L","value_label":"Low"},{"metric":"U","name":"U","value":"Amber","value_label":"Amber"}]},"affected":[{"vendor_slug":"bluspark-global","vendor_name":"Bluspark Global","product_slug":"bluvoyix","product_name":"BLUVOYIX","version_start":"0","version_start_inclusive":true,"version_end":"0","version_end_inclusive":true,"cpe23_uri":"cve5:bluspark-global:bluvoyix:0:0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://blusparkglobal.com/bluvoyix/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-01-14T14:36:47.670000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:51:33.019078Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:51:33.019078Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:51:33.019078Z","label":"CVSS score revised","source":"cvelistv5"}]}