EUVD-2026-18599
GHSA-v55w-28r9-q537
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.
Analysis
GRID Organiser App versions 1.0.0 through 1.0.5 on Android expose a hard-coded cryptographic key used for the SegmentWriteKey parameter in the res/raw/app.json component file, enabling local attackers with user-level privileges to manipulate argument values and potentially perform data injection and user profile manipulation. The vulnerability has a CVSS v4.0 score of 1.9 with low confidentiality impact, requires local access and low privileges, and publicly available exploit code exists, though active exploitation has not been confirmed by CISA.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today