CVE-2026-9221
Received Received - Intake
Setracker2 Android App Session ID Exposure via MD5 Signature

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: ICS-CERT

Description
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-9221
EUVD
EUVD-2026-39597
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Setracker2 Android Companion App versions 3.1.5 and earlier uses the MD5 hashing algorithm to generate a request signature for authenticating communications between the mobile client and the backend REST API.

Because MD5 is cryptographically weak, attackers could potentially reverse the signature to recover the session ID.

With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.

Impact Analysis

This vulnerability can allow attackers to impersonate legitimate users by recovering their session IDs.

As a result, attackers could issue authenticated API requests on behalf of the user without needing their credentials.

This could lead to unauthorized access to user data or actions within the application.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart