Setracker2 Android app (com.tgelec.setracker) hit by CRITICAL vuln (CVE-2026-9222, CVSS 9.2): uses password hash for authentication. Anyone with the hash can access backend services. Update guidance pending. https://radar.offseq.com/threat/cve-2026-9222-cwe-836-use-of-password-hash-instead-9894d1554efb5333 #OffSeq #AndroidSec #CVE20269222