Wahoo Fitness SYSTM App Segment Write Key Exposure Vulnerability
Vulnerability
A vulnerability exists in the Wahoo Fitness SYSTM App for Android, in versions up to 7.2.1. The issue arises from a hard-coded Segment write key found in the BuildConfig.java file of the com.WahooFitness.SYSTM component. This key can be extracted through reverse engineering and used to send arbitrary tracking events or modify user profiles via Segment's API. Such exploitation could inject false analytics data, disrupt business intelligence, skew user segmentation, and lead to misuse of related downstream systems.
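A pre-release check for the issue described above, as an added example (not code from Wahoo or from this advisory): it scans a generated BuildConfig.java for string constants whose names suggest a Segment write key and reports them with the value redacted. The field-name patterns, the placeholder list and the sample file contents are constructed assumptions; adjust them to the project's own naming.

```python
import re
import sys

# Matches BuildConfig-style constants: static final String NAME = "value";
CONST_RE = re.compile(
    r'\bstatic\s+final\s+String\s+(?P<name>[A-Za-z_]\w*)'
    r'\s*=\s*"(?P<value>[^"\\]*)"\s*;'
)
# Assumed naming hints for an analytics write key; not taken from the app.
NAME_HINT_RE = re.compile(r'(SEGMENT|WRITE_?KEY|ANALYTICS_?KEY)', re.IGNORECASE)
# Values that are clearly not live keys.
PLACEHOLDERS = {"", "null", "changeme", "placeholder"}
# String literals are matched first so that "//" inside a URL is not a comment.
COMMENT_OR_STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

SAMPLE_BUILD_CONFIG = '''
package com.example.app;
public final class BuildConfig {
    public static final String APPLICATION_ID = "com.example.app";
    public static final String API_BASE_URL = "https://api.example.invalid/v1";
    // public static final String OLD_SEGMENT_KEY = "CONSTRUCTED_OLD_KEY_VALUE";
    public static final String SEGMENT_WRITE_KEY = "CONSTRUCTED_SAMPLE_KEY_0000000";
    public static final String SEGMENT_WRITE_KEY_DEBUG = "";
    public static final int VERSION_CODE = 1;
}
'''  # constructed sample, not the real file

def strip_comments(src):
    """Drop // and /* */ comments while leaving string literals untouched."""
    return COMMENT_OR_STRING_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else '', src)

def redact(value):
    """Keep at most four leading characters so reports never leak the key."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)

def find_hardcoded_keys(java_source):
    """Return one finding per suspicious, non-placeholder string constant."""
    findings = []
    for m in CONST_RE.finditer(strip_comments(java_source)):
        name, value = m.group("name"), m.group("value")
        if not NAME_HINT_RE.search(name) or value.strip().lower() in PLACEHOLDERS:
            continue
        findings.append({"field": name, "redacted": redact(value), "length": len(value)})
    return findings

if __name__ == "__main__":
    hits = find_hardcoded_keys(SAMPLE_BUILD_CONFIG)
    for h in hits: print(f"{h['field']}: {h['redacted']} ({h['length']} chars)")
    sys.exit(1 if hits else 0)  # non-zero exit fails the build step
```

Run against the decompiled or generated sources of a release build, the non-zero exit code lets a CI step block the release until the constant is removed.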
Impact
Exploitation of this vulnerability allows for the injection of fraudulent analytics data and manipulation of user profiles, potentially leading to corrupted business intelligence and incorrect user segmentation.
