CVE-2026-4251 | CityData CityChat up to 0.12.6 on Android ai.citydata.citychat credentials.json credentials storage

A vulnerability was found in CityData CityChat up to 0.12.6 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials.

This vulnerability appears as CVE-2026-4251. The attack requires local access. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4251 | CityData CityChat up to 0.12.6 on Android ai.citydata.citychat credentials.json credentials storage

Post correlati

CVE-2025-9768 | itsourcecode Sports Management System 1.0 /Admin/mode.php sql injection

CVE-2023-49089 | Umbraco CMS up to 8.18.9/10.8.0/12.2.x path traversal (GHSA-6324-52pr-h4p5)

CVE-2026-2623 | Blossom up to 1.17.1 File Upload BLOSManager.java put path traversal

CVE-2025-1270 | Anapi Group H6Web ha_datos_hermano.php pkrelated authorization