Goods Triple App <=1.200 Hard-Coded Key via AES_IV Manipulation
CVE-2026-5420 Published on April 2, 2026
Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key
A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded cryptographic key
. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
Affected Versions
Shinrays Games Goods Triple App Version 1 is affected by CVE-2026-5420Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.