CVE-2026-5454

Summary

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
GRIDOrganiser App1.0.0affected
GRIDOrganiser App1.0.1affected
GRIDOrganiser App1.0.2affected
GRIDOrganiser App1.0.3affected
GRIDOrganiser App1.0.4affected
GRIDOrganiser App1.0.5affected

Weaknesses

  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-320: Key Management Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References