CVE-2026-5452
LOWUCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key
Title source: cnaDescription
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. The exploit has been published and may be used.
References (4)
Scores
CVSS v3
3.3
EPSS
0.0001
EPSS Percentile
0.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-320
CWE-321
Status
published
Products (6)
UCC/CampusConnect App
14.3.0
UCC/CampusConnect App
14.3.1
UCC/CampusConnect App
14.3.2
UCC/CampusConnect App
14.3.3
UCC/CampusConnect App
14.3.4
UCC/CampusConnect App
14.3.5
Published
Apr 03, 2026
Tracked Since
Apr 03, 2026