CVE-2026-5453

Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

CVSS 4.8 MEDIUMEPSS 0.1%CWE-320 CWE-321

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 4.8EPSS 0.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

03 Apr 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key . The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

Rico · só vantagem pra investir App

public PoCs found — 1

cve_referencewww.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-br-com-rico-mo-3262de3f97fb800a9bfef6e6fd7d7179?source=copy_linkunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/submit/781758 https://vuldb.com/vuln/355041 https://vuldb.com/vuln/355041/cti https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-br-com-rico-mo-3262de3f97fb800a9bfef6e6fd7d7179?source=copy_link