CVE-2026-5420 | Shinrays Games Goods Triple App up to 1.200 cats.goods.sort.sorting.games jRwTX.java AES_IV/AES_PASSWORD hard-coded key

A vulnerability marked as problematic has been reported in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded cryptographic key
.

This vulnerability is known as CVE-2026-5420. Attacking locally is a requirement. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5420 | Shinrays Games Goods Triple App up to 1.200 cats.goods.sort.sorting.games jRwTX.java AES_IV/AES_PASSWORD hard-coded key

Post correlati

CVE-2026-3439 | SonicWall SonicOS stack-based overflow (SNWLID-2026-0001)

CVE-2022-48987 | Linux Kernel up to 6.0.12 v4l2-dv-timings.c v4l2_bt_timings integer overflow

CVE-2024-30849 | SourceCodester Complete E-Commerce Site 1.0 admin/products_photo.php filename unrestricted upload

CVE-2024-56128 | Apache Kafka up to 3.7.1/3.8.0 SCRAM incorrect implementation of authentication algorithm