CVE-2026-5452

LOW

UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

Title source: cna

Description

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. The exploit has been published and may be used.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-355040 | UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

https://vuldb.com/vuln/355040

Signature, Permissions Required signature permissions-required

VDB-355040 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355040/cti

Third Party Advisory third-party-advisory

Submit #781757 | CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure

https://vuldb.com/submit/781757

Exploit exploit

https://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link

Scores

CVSS v3 3.3

EPSS 0.0014

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (6)

UCC/CampusConnect App 14.3.0

UCC/CampusConnect App 14.3.1

UCC/CampusConnect App 14.3.2

UCC/CampusConnect App 14.3.3

UCC/CampusConnect App 14.3.4

UCC/CampusConnect App 14.3.5

Published Apr 03, 2026

Tracked Since Apr 03, 2026