CVE-2026-5454

LOW CVSS 3.3 View on NVD ↗

Description

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

https://vuldb.com/submit/781759
https://vuldb.com/vuln/355042
https://vuldb.com/vuln/355042/cti
https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link

Published: Apr 03, 2026 05:16 UTC Modified: Apr 03, 2026 16:10 UTC