GRID Organiser App co.gridapp.organiser app.json hard-coded key_CVE-2026-5454

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key
. The attack is only possible with local access. The exploit has been made public and could be used.

Basic Information

ID CVE-2026-5454

Source VulDB

Published Apr 3, 2026 at 04:45

Modified Apr 3, 2026 at 20:01

Affected Product

Vendor GRID

Product Organiser App

Version 1.0.0

Affected Versions GRID Organiser App 1.0.0
GRID Organiser App 1.0.1
GRID Organiser App 1.0.2
GRID Organiser App 1.0.3
GRID Organiser App 1.0.4
GRID Organiser App 1.0.5

CWE Classification

CWE-321 CWE-320

References

{
    "lastseen": "",
    "description": "A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file\u00a0res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key\r . The attack is only possible with local access. The exploit has been made public and could be used.",
    "published": "2026-04-03T04:45:10.403Z",
    "modified": "2026-04-03T20:01:09.963Z",
    "type": "cve",
    "title": "GRID Organiser App co.gridapp.organiser app.json hard-coded key",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355042\nhttps://vuldb.com/vuln/355042/cti\nhttps://vuldb.com/submit/781759\nhttps://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link",
    "id": "CVE-2026-5454",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-320"
    ],
    "cvelist": null,
    "sourceData": "GRID Organiser App 1.0.0\nGRID Organiser App 1.0.1\nGRID Organiser App 1.0.2\nGRID Organiser App 1.0.3\nGRID Organiser App 1.0.4\nGRID Organiser App 1.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Organiser App",
    "version": "1.0.0",
    "vendor": "GRID",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}