CVE 10 CRITICAL

Email Sending Vulnerability in BLUVOYIX_CVE-2026-22239

January 14, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:H/U:Amber

Description

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company.

AI Analysis

Unauthenticated remote attacker could exploit the email sending API vulnerability to send unsolicited emails

Basic Information

ID CVE-2026-22239

Source MHV

Published Jan 14, 2026 at 14:40

Modified Jan 14, 2026 at 14:56

Affected Product

Vendor Bluspark Global

Product BLUVOYIX

Affected Versions Bluspark Global BLUVOYIX 0

CWE Classification

CWE-400

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Bluspark Global

Product BLUVOYIX

References

blusparkglobal.com /bluvoyix/

{
    "lastseen": "",
    "description": "The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company.",
    "published": "2026-01-14T14:40:20.516Z",
    "modified": "2026-01-14T14:56:01.047Z",
    "type": "cve",
    "title": "Email Sending Vulnerability in BLUVOYIX",
    "source": "MHV",
    "references": "https://blusparkglobal.com/bluvoyix/",
    "id": "CVE-2026-22239",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "Bluspark Global BLUVOYIX 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:H/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BLUVOYIX",
    "version": "0",
    "vendor": "Bluspark Global",
    "ai_description": "Unauthenticated remote attacker could exploit the email sending API vulnerability to send unsolicited emails",
    "ai_severity": "Critical",
    "ai_vendor": "Bluspark Global",
    "ai_product": "BLUVOYIX",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply