CVE-2026-5453

LOW

Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

Title source: cna

Description

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key . The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-355041 | Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

https://vuldb.com/vuln/355041

Signature, Permissions Required signature permissions-required

VDB-355041 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355041/cti

Third Party Advisory third-party-advisory

Submit #781758 | RICO.COM.VC Rico(br.com.rico.mobile) 4.58.32.12421 Segment Write Key Exposure

https://vuldb.com/submit/781758

Exploit exploit

https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-br-com-rico-mo-3262de3f97fb800a9bfef6e6fd7d7179?source=copy_link

Scores

CVSS v3 3.3

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (1)

Rico/só vantagem pra investir App 4.58.32.12421

Published Apr 03, 2026

Tracked Since Apr 03, 2026