Hard-coded Cryptographic Key Vulnerability in Investory Toy Planet Trouble App
CVE-2026-5471
Key Information:
- Vendor
Investory
- Status
- Vendor
- CVE Published:
- 3 April 2026
Badges
What is CVE-2026-5471?
A local vulnerability was identified in the Investory Toy Planet Trouble App version up to 1.5.5 for Android, linked to an unknown function within the file assets/google-services-desktop.json. This vulnerability allows manipulation of the argument current_key, which leads to the utilization of a hard-coded cryptographic key. As a result, this flaw may permit unauthorized access to sensitive cryptographic resources, enabling a potential attacker with local access to exploit the application. The exploit details are now public, exposing users to possible unauthorized data access and authentication issues.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Toy Planet Trouble App 1.5.0
Toy Planet Trouble App 1.5.1
Toy Planet Trouble App 1.5.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved