What is CVE-2026-5452?

CVE-2026-5452 is a low-severity vulnerability in Ucc Campusconnect App, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.3/10. Published 2026-04-03.

How severe is CVE-2026-5452?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Ucc Campusconnect App

CVE-2026-5452

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded crypt…

EPSS: 0.000 (0.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R.

Affected products

Ucc Campusconnect App — versions 14.3.0, 14.3.1, 14.3.2

Weakness classification (CWE)

References

VDB-355040 | UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key (vdb-entry)
VDB-355040 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #781757 | CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure (third-party-advisory)
www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Oper… (exploit)

Frequently asked questions

What is CVE-2026-5452?: CVE-2026-5452 is a low-severity vulnerability in Ucc Campusconnect App, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.3/10. Published 2026-04-03.
How severe is CVE-2026-5452?: Low severity. CVSS v3 base score is 3.3 out of 10.