CVE-2026-5454

LOW

GRID Organiser App co.gridapp.organiser app.json hard-coded key

Title source: cna

Description

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-355042 | GRID Organiser App co.gridapp.organiser app.json hard-coded key

https://vuldb.com/vuln/355042

Signature, Permissions Required signature permissions-required

VDB-355042 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355042/cti

Third Party Advisory third-party-advisory

Submit #781759 | GRID GmbH GRID ORGANISER(co.gridapp.organiser) 1.0.5 Segment Write Key Exposure

https://vuldb.com/submit/781759

Exploit exploit

https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link

Scores

CVSS v3 3.3

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (6)

GRID/Organiser App 1.0.0

GRID/Organiser App 1.0.1

GRID/Organiser App 1.0.2

GRID/Organiser App 1.0.3

GRID/Organiser App 1.0.4

GRID/Organiser App 1.0.5

Published Apr 03, 2026

Tracked Since Apr 03, 2026