Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.
AnalysisAI
Authentication bypass in Android Debug Bridge (ADB) wireless mutual authentication allows adjacent network attackers to execute arbitrary code as the shell user without authentication. The flaw affects Android 14, 15, and 16 series, residing in the TLS certificate verification logic of adbd_tls_verify_cert. EPSS data not available, but CISA SSVC framework indicates no current exploitation evidence and non-automatable attack requiring network adjacency. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability when the wireless debugging feature is enabled.
Technical ContextAI
Android Debug Bridge (ADB) is Android's command-line tool for communicating with devices, supporting both USB and wireless TCP/IP connections. Wireless ADB introduced in Android 11 uses TLS with mutual authentication to secure the debugging channel over Wi-Fi networks. The vulnerability (CWE-303: Incorrect Implementation of Authentication Algorithm) exists in the adbd_tls_verify_cert function within auth.cpp, the certificate verification component of the ADB daemon. This logic error allows an attacker to bypass the mutual authentication handshake that normally ensures only authorized development machines can establish debugging sessions. The flaw affects the wireless ADB feature specifically, not USB-based ADB connections. Successful exploitation grants shell user privileges, which on Android provides extensive access to system functions, application data, and the ability to install packages or modify system settings.
RemediationAI
Apply vendor-supplied security updates from the May 2025 Android Security Bulletin immediately for devices where wireless ADB debugging is used. Google has released patches through the 2026-05-01 security patch level, detailed at https://source.android.com/docs/security/bulletin/2026/2026-05-01. Device manufacturers typically distribute these patches through over-the-air updates within 30-90 days of Google's release. For Pixel devices, updates are available immediately through Settings > Security > Security update. Until patching is complete, implement these compensating controls with their respective trade-offs: Disable wireless debugging through Settings > Developer options > Wireless debugging (eliminates attack surface but requires USB cable for development work, reducing developer productivity). If wireless debugging must remain enabled, restrict usage to trusted private networks isolated from guest Wi-Fi or public networks (reduces exposure but requires network segmentation and may not protect against compromised trusted devices on same network). Enable 'Always require authentication' in Developer options if available on your Android version (adds friction to legitimate debugging workflows but provides defense-in-depth). For enterprise deployments, use Mobile Device Management policies to enforce wireless debugging disable state and monitor for unauthorized activation (administrative overhead and requires MDM infrastructure).
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27041