CVE-2026-5452

Summary

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. The exploit has been published and may be used.

Affected Software

VendorProductVersion RangeStatus
UCCCampusConnect App14.3.0affected
UCCCampusConnect App14.3.1affected
UCCCampusConnect App14.3.2affected
UCCCampusConnect App14.3.3affected
UCCCampusConnect App14.3.4affected
UCCCampusConnect App14.3.5affected

Weaknesses

  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-320: Key Management Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References