CVE-2026-5462

Name of the Vulnerable Software and Affected Versions Wahoo Fitness SYSTM App versions through 7.2.1

Description A security issue exists in the Wahoo Fitness SYSTM App on Android, up to version 7.2.1. The issue involves the use of a hard-coded cryptographic key within the file com/WahooFitness/SYSTM/BuildConfig.java of the com.WahooFitness.SYSTM component. Manipulation of the SEGMENT WRITE KEY argument can lead to the exposure of this key. Local access is required for exploitation. The exploit is publicly available.

Recommendations Update to a version beyond 7.2.1 when available. As a temporary workaround, restrict local access to the application.