EUVD-2026-18799

| CVE-2026-5471 LOW
2026-04-03 VulDB GHSA-72gv-p948-6p6r
1.9
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
Analysis Generated
Apr 03, 2026 - 16:00 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 16:00 euvd
EUVD-2026-18799
CVE Published
Apr 03, 2026 - 15:45 nvd
LOW 1.9

Tags

Google Information Disclosure

Description

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographic key . The attack must be initiated from a local position. The exploit is now public and may be used.

Analysis

Hard-coded cryptographic key exposure in Investory Toy Planet Trouble App up to version 1.5.5 on Android allows local attackers with limited privileges to access the Firebase API key embedded in the assets/google-services-desktop.json file, potentially enabling unauthorized authentication and data access. The vulnerability has a CVSS score of 1.9 with low confidentiality impact, requires local access and low privileges, and publicly available exploit code exists.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +10
POC: +20

Share

EUVD-2026-18799 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy