CVE-2026-5453 PUBLISHED

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic key . The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

• fxizenta (VulDB User) reporter
• VulDB CNA Team coordinator

• VDB-355041 | Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key
• VDB-355041 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #781758 | RICO.COM.VC Rico(br.com.rico.mobile) 4.58.32.12421 Segment Write Key Exposure
• https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-br-com-rico-mo-3262de3f97fb800a9bfef6e6fd7d7179?source=copy_link

• Use of Hard-coded Cryptographic Key CWE
• Key Management Error CWE