216.73.216.133

CVE-2026-5471

· Published 03/04/2026 16:16 · Modified 03/04/2026 16:16

Labels: CVE-2026-5471 2026-04-03CVE-2026-5471CWE-320[email protected]

Essential information

Published
03/04/2026 16:16
Modified
03/04/2026 16:16
Author
Creator
CVSS
1.9 LOW (v3) 1.9 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographic key . The attack must be initiated from a local position. The exploit is now public and may be used.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
investory / toy planet trouble app cpe:2.3:a:investory:toy_planet_trouble_app:*:*:*:*:*:android:*:*

References