CVE-2026-5471

LOW 3.3

Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographic key . The attack must be initiated from a local position. The exploit is now public and may be used.

CWE	CWE-321 CWE-320
Vendor	investory
Product	toy planet trouble app
Published	Apr 3, 2026
Last Updated	Apr 4, 2026

Stay Ahead of the Next One

Get instant alerts for investory toy planet trouble app

Be the first to know when new low vulnerabilities affecting investory toy planet trouble app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Investory / Toy Planet Trouble App

1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355075 vuldb.com: https://vuldb.com/vuln/355075/cti vuldb.com: https://vuldb.com/submit/781784 notion.so: https://www.notion.so/Firebase-API-Key-Exposure-Leading-to-Unauthorized-Anonymous-Authentication-and-Data-Access-in-app-in-3262de3f97fb80f1abe6fb5f3eb373bc?source=copy_link

Credits

🔍 fxizenta (VulDB User)