CVE-2026-4219
INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-798 CWE-259 |
| Vendor | index conferences & exhibitions organization |
| Product | ywf bpof apgcs app |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for index conferences & exhibitions organization ywf bpof apgcs app
Be the first to know when new low vulnerabilities affecting index conferences & exhibitions organization ywf bpof apgcs app are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
INDEX Conferences & Exhibitions Organization / YWF BPOF APGCS App
1.0.0 1.0.1 1.0.2
References
vuldb.com: https://vuldb.com/?id.351143 vuldb.com: https://vuldb.com/?ctiid.351143 vuldb.com: https://vuldb.com/?submit.770513 notion.so: https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link notion.so: https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251
Credits
๐ fxizenta (VulDB User) VulDB