CVE-2026-4219

Name of the Vulnerable Software and Affected Versions INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App versions up to 1.0.2

Description A flaw exists in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App on Android. The issue affects an unknown functionality within the com/index/event/BuildConfig.java file of the ae.index.apgcs component. Manipulation of the ACCESS KEY/HASH KEY argument can lead to the disclosure of hard-coded credentials. Exploitation is limited to local execution. The exploit has been published. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions prior to 1.0.2 should be updated. As a temporary workaround, consider restricting access to the BuildConfig.java file to minimize the risk of exploitation.