CVE-2026-5457
PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
1th
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument SEGMENT_ANDROID_WRITE_KEY/SEGMENT_TOS_WRITE_KEY results in use of hard-coded cryptographic key . The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-321 CWE-320 |
| Vendor | propertyguru |
| Product | agentnet singapore app |
| Published | Apr 3, 2026 |
| Last Updated | Apr 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for propertyguru agentnet singapore app
Be the first to know when new low vulnerabilities affecting propertyguru agentnet singapore app are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
PropertyGuru / AgentNet Singapore App
23.7.0 23.7.1 23.7.2 23.7.3 23.7.4 23.7.5 23.7.6 23.7.7 23.7.8 23.7.9 23.7.10
References
vuldb.com: https://vuldb.com/vuln/355045 vuldb.com: https://vuldb.com/vuln/355045/cti vuldb.com: https://vuldb.com/submit/781764 notion.so: https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-com-allpropert-3262de3f97fb80b5aa5ae52475bf155e?source=copy_link
Credits
๐ fxizenta (VulDB User) VulDB CNA Team