CVE-2026-5454

LOW

GRID Organiser App co.gridapp.organiser app.json hard-coded key

Title source: cna

Description

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355042

[Signature, Permissions Required] https://vuldb.com/vuln/355042/cti

[Third Party Advisory] https://vuldb.com/submit/781759

[Exploit] https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (6)

GRID/Organiser App 1.0.0

GRID/Organiser App 1.0.1

GRID/Organiser App 1.0.2

GRID/Organiser App 1.0.3

GRID/Organiser App 1.0.4

GRID/Organiser App 1.0.5

Published Apr 03, 2026

Tracked Since Apr 03, 2026