CVE-2026-5462 | Wahoo Fitness SYSTM App up to 7.2.1 on Android com.WahooFitness.SYSTM BuildConfig.java SEGMENT_WRITE_KEY hard-coded key

A vulnerability described as problematic has been identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key
.

This vulnerability is uniquely identified as CVE-2026-5462. Local access is required to approach this attack. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5462 | Wahoo Fitness SYSTM App up to 7.2.1 on Android com.WahooFitness.SYSTM BuildConfig.java SEGMENT_WRITE_KEY hard-coded key

Post correlati

CVE-2024-4492 | Tenda i21 1.0.0.14(4656) /goform/setStaOffline formOfflineSet GO/ssidIndex stack-based overflow

CVE-2025-5729 | code-projects Health Center Patient Record Management System 1.0 /birthing_record.php itr_no sql injection

CVE-2024-56035 | Kurt Payne Upload Scanner Plugin up to 1.2 on WordPress cross site scripting

CVE-2021-47444 | Linux Kernel up to 5.10.74/5.14.13 on DP edid connector_bad_edid allocation of resources (a7b45024f66f/09f3946bb452/97794170b696)