Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
1.9
UCC CampusConnect App for Android Uses Hardcoded Security Key
CVE-2026-5452
Summary
A security flaw in the UCC CampusConnect App for Android versions up to 14.3.5 could allow an attacker to access sensitive information. This is because the app uses a hardcoded security key, rather than a secure method to store and manage keys. Update the app to the latest version to fix this issue.
Original title
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This m...
Original description
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key
. The attack can only be executed locally. The exploit has been published and may be used.
. The attack can only be executed locally. The exploit has been published and may be used.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
1.9
Vulnerability type
CWE-320
CWE-321
Use of Hard-coded Cryptographic Key
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026