CVE-2026-4242 LOW

CVE-2026-4242: BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storage

Vendor Babychakra

Product Pregnancy & Parenting App

Weakness CWE-256

Published March 16, 2026

Last update March 16, 2026

View on NVD All CVEs

CVSS base score

2.0/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

March 16, 2026 CVE published

March 16, 2026 Record updated

Identifiers

CVE CVE-2026-4242

CWE CWE-256

CVSS 2.0 / LOW

Affected versions

Vendor Babychakra

Product Pregnancy & Parenting App

Affected 5.4.0

Vendor Babychakra

Product Pregnancy & Parenting App

Affected 5.4.1

Vendor Babychakra

Product Pregnancy & Parenting App

Affected 5.4.2

Vendor Babychakra

Product Pregnancy & Parenting App

Affected 5.4.3.0