{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-9222/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-25T23:29:03.046Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-9222","@id":"https://www.cve.org/CVERecord?id=CVE-2026-9222","description":"Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access."},"products":[{"@id":"cpe:2.3:a:shenzhen_i365-tech_co._ltd.:setracker2_parental_control_app_\\(android\\)_package_com.tgelec.setracker:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:shenzhen_i365-tech_co._ltd.:setracker2_parental_control_app_\\(android\\)_package_com.tgelec.setracker:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-25T23:29:03.046Z"}]}