Skip to main content

Android ADB CVE-2026-0073

| EUVDEUVD-2026-27041 HIGH
Incorrect Implementation of Authentication Algorithm (CWE-303)
2026-05-04 security@android.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
May 04, 2026 - 20:30 vuln.today
CVSS changed
May 04, 2026 - 19:22 NVD
8.8 (HIGH)
CVE Published
May 04, 2026 - 18:16 nvd
N/A

DescriptionCVE.org

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

AnalysisAI

Authentication bypass in Android Debug Bridge (ADB) wireless mutual authentication allows adjacent network attackers to execute arbitrary code as the shell user without authentication. The flaw affects Android 14, 15, and 16 series, residing in the TLS certificate verification logic of adbd_tls_verify_cert. EPSS data not available, but CISA SSVC framework indicates no current exploitation evidence and non-automatable attack requiring network adjacency. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability when the wireless debugging feature is enabled.

Technical ContextAI

Android Debug Bridge (ADB) is Android's command-line tool for communicating with devices, supporting both USB and wireless TCP/IP connections. Wireless ADB introduced in Android 11 uses TLS with mutual authentication to secure the debugging channel over Wi-Fi networks. The vulnerability (CWE-303: Incorrect Implementation of Authentication Algorithm) exists in the adbd_tls_verify_cert function within auth.cpp, the certificate verification component of the ADB daemon. This logic error allows an attacker to bypass the mutual authentication handshake that normally ensures only authorized development machines can establish debugging sessions. The flaw affects the wireless ADB feature specifically, not USB-based ADB connections. Successful exploitation grants shell user privileges, which on Android provides extensive access to system functions, application data, and the ability to install packages or modify system settings.

RemediationAI

Apply vendor-supplied security updates from the May 2025 Android Security Bulletin immediately for devices where wireless ADB debugging is used. Google has released patches through the 2026-05-01 security patch level, detailed at https://source.android.com/docs/security/bulletin/2026/2026-05-01. Device manufacturers typically distribute these patches through over-the-air updates within 30-90 days of Google's release. For Pixel devices, updates are available immediately through Settings > Security > Security update. Until patching is complete, implement these compensating controls with their respective trade-offs: Disable wireless debugging through Settings > Developer options > Wireless debugging (eliminates attack surface but requires USB cable for development work, reducing developer productivity). If wireless debugging must remain enabled, restrict usage to trusted private networks isolated from guest Wi-Fi or public networks (reduces exposure but requires network segmentation and may not protect against compromised trusted devices on same network). Enable 'Always require authentication' in Developer options if available on your Android version (adds friction to legitimate debugging workflows but provides defense-in-depth). For enterprise deployments, use Mobile Device Management policies to enforce wireless debugging disable state and monitor for unauthorized activation (administrative overhead and requires MDM infrastructure).

Share

CVE-2026-0073 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy