CVE-2026-4219 | INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY hard-coded credentials

A vulnerability categorized as problematic has been discovered in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials.

This vulnerability is tracked as CVE-2026-4219. The attack is restricted to local execution. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4219 | INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY hard-coded credentials

Post correlati

CVE-2023-52475 | Linux Kernel up to 6.5.7 powermate usb_kill_urb use after free

CVE-2025-15361 | GnuPG Literal Data Packet privilege escalation

CVE-2025-26580 | CompleteWebResources Page Post Specific Social Share Buttons Plugin up to 2.1 on WordPress cross-site request forgery

CVE-2024-28914 | Microsoft unknown vulnerability