CVE-2026-5455
Hardcoded Cryptographic Key Vulnerability in Dialogue App Android
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dialogue_app | dialogue_app | to 4.3.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Dialogue App up to version 4.3.2 on Android. It involves an unknown function within the file res/raw/config.json of the component ca.diagram.dialogue. By manipulating the argument SEGMENT_WRITE_KEY, an attacker can cause the application to use a hard-coded cryptographic key.
The attack can only be performed locally, meaning the attacker needs local access to the device. The vulnerability has been publicly disclosed and could potentially be exploited.
How can this vulnerability impact me? :
The impact of this vulnerability is limited due to its low CVSS scores and the requirement for local access. However, the use of a hard-coded cryptographic key can weaken the security of the application by making cryptographic operations predictable or vulnerable to key extraction.
This could potentially allow an attacker with local access to compromise the confidentiality of certain data protected by the cryptographic key, but it does not affect integrity or availability.