CVE Catalog

CVE-2026-9222

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. An attacker who knows the hash can authenticate and gain full access.

Risk Assessment

The risk is that an attacker with knowledge of the password hash (e.g., obtained from a leak or interception) can impersonate the user and take full control of their account and data.

Recommendation

Immediately update the app to the latest version that fixes this vulnerability. If no update is available, consider temporarily disabling the app until a patch is released.

Original NVD description (English source)

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS