CVE-2026-4242

LOW 2.5

BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storage

CVSS Score

2.5

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-256 CWE-255
Vendor	babychakra
Product	pregnancy & parenting app
Published	Mar 16, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for babychakra pregnancy & parenting app

Be the first to know when new low vulnerabilities affecting babychakra pregnancy & parenting app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

BabyChakra / Pregnancy & Parenting App

5.4.0 5.4.1 5.4.2 5.4.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.351184 vuldb.com: https://vuldb.com/?ctiid.351184 vuldb.com: https://vuldb.com/?submit.771429 notion.so: https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-app-babychakra-3192de3f97fb8084b6b5cb06f96cdf57?source=copy_link

Credits

🔍 fxizenta (VulDB User) VulDB