CVE-2026-5457
Hard-Coded Cryptographic Key in PropertyGuru AgentNet Android
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| propertyguru | agentnet | to 23.7.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the PropertyGuru AgentNet Singapore App on Android (up to version 23.7.10). It involves the manipulation of certain arguments (SEGMENT_ANDROID_WRITE_KEY/SEGMENT_TOS_WRITE_KEY) in the file com/allproperty/android/agentnet/BuildConfig.java, which leads to the use of a hard-coded cryptographic key. The attack exploiting this flaw must be performed locally, and the exploit code has been publicly released.
How can this vulnerability impact me? :
The impact of this vulnerability is limited due to its low severity score. It allows an attacker with local access to manipulate cryptographic keys, potentially compromising some confidentiality aspects of the application. However, it does not affect integrity or availability, and requires local privileges to exploit.