CVE-2026-5454
GRID Organiser App co.gridapp.organiser app.json hard-coded key
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
1th
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file fileΒ res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is only possible with local access. The exploit has been made public and could be used.
| CWE | CWE-321 CWE-320 |
| Vendor | grid |
| Product | organiser app |
| Published | Apr 3, 2026 |
| Last Updated | Apr 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for grid organiser app
Be the first to know when new low vulnerabilities affecting grid organiser app are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
GRID / Organiser App
1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5
References
vuldb.com: https://vuldb.com/vuln/355042 vuldb.com: https://vuldb.com/vuln/355042/cti vuldb.com: https://vuldb.com/submit/781759 notion.so: https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link
Credits
π fxizenta (VulDB User)