UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key_CVE-2026-5452

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key
. The attack can only be executed locally. The exploit has been published and may be used.

Basic Information

ID CVE-2026-5452

Source VulDB

Published Apr 3, 2026 at 02:45

Modified Apr 3, 2026 at 14:45

Affected Product

Vendor UCC

Product CampusConnect App

Version 14.3.0

Affected Versions UCC CampusConnect App 14.3.0
UCC CampusConnect App 14.3.1
UCC CampusConnect App 14.3.2
UCC CampusConnect App 14.3.3
UCC CampusConnect App 14.3.4
UCC CampusConnect App 14.3.5

CWE Classification

CWE-321 CWE-320

References

{
    "lastseen": "",
    "description": "A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key\r . The attack can only be executed locally. The exploit has been published and may be used.",
    "published": "2026-04-03T02:45:09.544Z",
    "modified": "2026-04-03T14:45:11.495Z",
    "type": "cve",
    "title": "UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355040\nhttps://vuldb.com/vuln/355040/cti\nhttps://vuldb.com/submit/781757\nhttps://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link",
    "id": "CVE-2026-5452",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-320"
    ],
    "cvelist": null,
    "sourceData": "UCC CampusConnect App 14.3.0\nUCC CampusConnect App 14.3.1\nUCC CampusConnect App 14.3.2\nUCC CampusConnect App 14.3.3\nUCC CampusConnect App 14.3.4\nUCC CampusConnect App 14.3.5",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CampusConnect App",
    "version": "14.3.0",
    "vendor": "UCC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}