CVE-2026-5454

LOW NVD

CVSS Score 3.3

Severity LOW

Published Apr 03, 2026

Vendor unknown

Description

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.

References

https://vuldb.com/submit/781759
https://vuldb.com/vuln/355042
https://vuldb.com/vuln/355042/cti
https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link