CVE-2026-4243

Name of the Vulnerable Software and Affected Versions La Nacion App version 10.2.25

Description A weakness exists in La Nacion App version 10.2.25 on Android. The issue impacts an unknown function within the file source/app/lanacion/clublanacion/BuildConfig.java of the app.lanacion.activity component. Manipulation of the API KEY WEBSOCKET CV argument can result in the unprotected storage of credentials. The attack is limited to local execution and is considered difficult to exploit, despite the public availability of the exploit. The vendor was notified but did not respond.

Recommendations Update to a newer version of La Nacion App that addresses this issue. As a temporary workaround, restrict or disable the use of the API KEY WEBSOCKET CV argument until a patch is available.