← volver
CVE-2026-5454

GRID Organiser App co.gridapp.organiser app.json hard-coded key

CVSS 4.8 MEDIUMEPSS 0.1%CWE-320CWE-321
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 4.8EPSS 0.1%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
03 abr 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
GRID · Organiser App
PoCs públicas encontradas1
cve_referencewww.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_linkno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://vuldb.com/submit/781759https://vuldb.com/vuln/355042https://vuldb.com/vuln/355042/ctihttps://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link