What is CVE-2026-5471?

CVE-2026-5471 is a low-severity vulnerability in Investory Toy Planet Trouble App, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.3/10. Published 2026-04-03.

How severe is CVE-2026-5471?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Investory Toy Planet Trouble App

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the arg…

EPSS: 0.000 (0.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R.

Affected products

Investory Toy Planet Trouble App — versions 1.5.0, 1.5.1, 1.5.2

Weakness classification (CWE)

References

VDB-355075 | Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key (vdb-entry, technical-description)
VDB-355075 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #781784 | INVESTORY Investory(app.investory.toyfactory) 1.5.5 Firebase API Key Exposure (third-party-advisory)
www.notion.so/Firebase-API-Key-Exposure-Leading-to-Unauthorized-Anonymous-Authe… (exploit)

Frequently asked questions

What is CVE-2026-5471?: CVE-2026-5471 is a low-severity vulnerability in Investory Toy Planet Trouble App, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.3/10. Published 2026-04-03.
How severe is CVE-2026-5471?: Low severity. CVSS v3 base score is 3.3 out of 10.