Description
A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-16
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Patch
AI Analysis

Impact

A flaw in the BabyChakra Pregnancy & Parenting App (up to version 5.4.3.0) allows a local attacker to manipulate the SEGMENT_WRITE_KEY argument in Configuration.java, resulting in unprotected storage of credentials. The vulnerability is a Sensitive Data Exposure (CWE-255) and Unprotected Storage of Secrets (CWE-256). Because credentials are stored without encryption or integrity checks, they can be read by anyone with local access to the device, leading to potential credential compromise and subsequent misuse of user accounts or data. The vendor was notified but did not respond, and the exploit code is publicly available, indicating the flaw is reproducible and may be used in real attacks.

Affected Systems

The affected product is the BabyChakra Pregnancy & Parenting App for Android, versions up to 5.4.3.0. The vulnerability resides in the app's Configuration.java file, specifically in an unknown function that handles the SEGMENT_WRITE_KEY argument.

Risk and Exploitability

The CVSS score is 2, indicating a low severity rating. The EPSS score is not available and the vulnerability is not listed in the KEV catalog. Exploitability is reported as difficult and requires local access, but the public release of exploit code increases the risk of exploitation. Overall risk is low but significant for devices where the app is installed and local access is possible.

Generated by OpenCVE AI on March 17, 2026 at 11:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update BabyChakra Pregnancy & Parenting App to the latest patched version above 5.4.3.0 if one is available.
  • If an update is not available, contact BabyChakra support to request a fix or disable the use of SEGMENT_WRITE_KEY within the application’s configuration.
  • As a temporary measure, limit local access to the device or remove the app’s configuration files that store the SEGMENT_WRITE_KEY in an unprotected manner.

Generated by OpenCVE AI on March 17, 2026 at 11:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Babychakra
Babychakra pregnancy & Parenting App
Vendors & Products Babychakra
Babychakra pregnancy & Parenting App

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storage
Weaknesses CWE-255
CWE-256
References
Metrics cvssV2_0

{'score': 1, 'vector': 'AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 2.5, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Babychakra Pregnancy & Parenting App
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T18:41:38.452Z

Reserved: 2026-03-15T20:46:40.333Z

Link: CVE-2026-4242

cve-icon Vulnrichment

Updated: 2026-03-16T18:41:33.179Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T15:16:26.717

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-4242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:44:24Z

Weaknesses