CVE-2026-5454: Use of Hard-coded Cryptographic Key in GRID Organiser App
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.
AI Analysis
Technical Summary
This vulnerability in the GRID Organiser App (versions 1.0.0 through 1.0.5) arises from the use of a hard-coded cryptographic key within an unknown function tied to the file res/raw/app.json. An attacker with local access can manipulate the SegmentWriteKey argument to exploit this weakness. The CVSS 4.0 vector indicates the attack requires local access with low complexity and no user interaction, resulting in limited confidentiality impact and no integrity or availability impact. The exploit has been made public, but no vendor patch or fix information is provided.
Potential Impact
The use of a hard-coded cryptographic key can weaken the security of cryptographic operations, potentially allowing an attacker with local access to bypass protections relying on this key. The impact is limited to confidentiality with no reported effect on integrity or availability. The vulnerability requires local access and low attack complexity, reducing the likelihood of remote exploitation. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to affected devices and consider monitoring for unauthorized local activity. Avoid relying on the affected cryptographic function for sensitive operations if possible.
CVE-2026-5454: Use of Hard-coded Cryptographic Key in GRID Organiser App
Description
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in the GRID Organiser App (versions 1.0.0 through 1.0.5) arises from the use of a hard-coded cryptographic key within an unknown function tied to the file res/raw/app.json. An attacker with local access can manipulate the SegmentWriteKey argument to exploit this weakness. The CVSS 4.0 vector indicates the attack requires local access with low complexity and no user interaction, resulting in limited confidentiality impact and no integrity or availability impact. The exploit has been made public, but no vendor patch or fix information is provided.
Potential Impact
The use of a hard-coded cryptographic key can weaken the security of cryptographic operations, potentially allowing an attacker with local access to bypass protections relying on this key. The impact is limited to confidentiality with no reported effect on integrity or availability. The vulnerability requires local access and low attack complexity, reducing the likelihood of remote exploitation. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to affected devices and consider monitoring for unauthorized local activity. Avoid relying on the affected cryptographic function for sensitive operations if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-02T22:14:07.769Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cf4ec6e6bfc5ba1d76734c
Added to database: 4/3/2026, 5:23:18 AM
Last enriched: 4/3/2026, 5:30:59 AM
Last updated: 4/3/2026, 7:50:40 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.