CVE-2026-9222 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-836

References

https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/

FAQ

What is CVE-2026-9222?

CVE-2026-9222 is a vulnerability with a CVSS score of 8.1 (HIGH). Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, w...

How severe is CVE-2026-9222?

CVE-2026-9222 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-9222?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.