Description
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT_WRITE_KEY can lead to use of hard-coded cryptographic key. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-03
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Key Exposure
Action: Patch
AI Analysis

Impact

A hard‑coded cryptographic key is stored in the file res/raw/config.json of the ca.diagram.dialogue component of Dialogue App. Manipulating the SEGMENT_WRITE_KEY argument allows local code to activate this hard‑coded key, exposing weaknesses identified as CWE-320 and CWE-321. This can enable data injection or unauthorized user‑profile manipulation on the device where the app runs.

Affected Systems

The flaw affects Dialogue App version 4.3.2 and earlier on Android devices. No other vendors, products, or versions are documented as impacted.

Risk and Exploitability

The CVSS score of 4.8 reflects moderate severity. Exploitation requires local execution; remote attackers cannot reach the vulnerability directly. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog. While the vulnerability is publicly disclosed, only users or malicious applications on the same device can exploit it, limiting its broader threat but still posing a significant risk to device‑owner data.

Generated by OpenCVE AI on April 3, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Dialogue App to a newer version that removes the hard‑coded SEGMENT_WRITE_KEY.
  • If no update is available, uninstall or disable the application to prevent local exploitation.
  • Monitor the vendor’s website or security advisories for a patch; consider switching to an alternative app if the issue remains unresolved.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared: Dialogue, Dialogue dialogue App
Vendors & Products: Dialogue, Dialogue dialogue App

Fri, 03 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description: A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT_WRITE_KEY can lead to use of hard-coded cryptographic key. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Dialogue App ca.diagram.dialogue config.json hard-coded key
Weaknesses: CWE-320, CWE-321
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-03T12:49:28.090Z

Reserved: 2026-04-02T22:15:29.975Z

Link: CVE-2026-5455

Vulnrichment

Updated: 2026-04-03T12:49:25.066Z

NVD

Status: Awaiting Analysis

Published: 2026-04-03T07:16:20.210

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-5455

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:15:43Z

Weaknesses