CVE-2026-5453 MEDIUM

CVE-2026-5453: Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

Vendor Rico

Product só vantagem pra investir App

Weakness CWE-321

Published April 3, 2026

Last update April 3, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key . The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

April 3, 2026 CVE published

April 3, 2026 Record updated