EUVD-2026-18603
GHSA-8mvv-fc8c-63jh
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT_WRITE_KEY can lead to use of hard-coded cryptographic key . The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Dialogue App versions 4.3.0 through 4.3.2 on Android use a hard-coded cryptographic key in the SEGMENT_WRITE_KEY parameter within res/raw/config.json, allowing local authenticated attackers to perform unauthorized data injection and user profile manipulation on the device. The vulnerability has a CVSS score of 1.9 (minimal severity) but publicly available exploit code exists; however, the low CVSS score reflects the local-only attack vector and limited impact scope. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today