CVE-2026-5458 | Noelse Individuals & Pro App up to 2.1.7 on Android com.afone.noelse BuildConfig.java SEGMENT_WRITE_KEY hard-coded key

A vulnerability was found in Noelse Individuals & Pro App up to 2.1.7 on Android. It has been classified as problematic. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT_WRITE_KEY causes use of hard-coded cryptographic key
.

This vulnerability is registered as CVE-2026-5458. The attack needs to be launched locally. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5458 | Noelse Individuals & Pro App up to 2.1.7 on Android com.afone.noelse BuildConfig.java SEGMENT_WRITE_KEY hard-coded key

Post correlati

CVE-2025-24875 | SAP Commerce COM_CLOUD 2211/HY_COM 2205 Setting cross-site request forgery

CVE-2025-14244 | GreenCMS 2.3.0603 Menu Management Page CustomController.class.php Link cross site scripting

CVE-2024-36940 | Linux Kernel up to 6.8.9 pinctrl_enable double free

CVE-2023-52227 | MailerLite Plugin up to 2.0.8 on WordPress authorization