What is the CVSS score of CVE-2026-26208?

CVE-2026-26208 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.5%.

Which versions of Windows are affected by CVE-2026-26208?

ADB Explorer, a Windows-based Android debugging tool, contains a critical remote code execution vulnerability affecting any organization using this software for mobile device management or…

How to fix or mitigate CVE-2026-26208?

Within 24 hours: Identify all systems running ADB Explorer and document inventory; restrict network access to affected systems where possible. Within 7 days: Contact ADB Explorer developers for patch availability timeline; evaluate whether ADB Explorer is business-critical or can be temporarily uninstalled; test alternative Android debugging solutions. Within 30 days: Deploy patched version once available; if no patch is released, establish decision to either continue use with compensating controls or migrate to alternative tooling.

Windows CVE-2026-26208

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-02-13 security-advisories@github.com

Windows RCE Deserialization

7.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 13, 2026 - 19:17 nvd

HIGH 7.8

DescriptionGitHub Advisory

ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020.

AnalysisAI

ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Place malicious App.txt in ADB Explorer directory

Exploit

Application deserializes crafted JSON at launch

Execution

ObjectDataProvider gadget chain executes

Impact

Arbitrary code runs with user privileges

Access

Place malicious App.txt in ADB Explorer directory

Exploit

Application deserializes crafted JSON at launch

Execution

ObjectDataProvider gadget chain executes

Impact

Arbitrary code runs with user privileges

Vulnerability AssessmentAI

Exploitation	ADB Explorer versions prior to Beta 0.9.26020 with App.txt settings file present in application directory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to supply a crafted JSON file containing a gadget chain (e.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running ADB Explorer and document inventory; restrict network access to affected systems where possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-26208 vulnerability details – vuln.today

Back

Windows CVE-2026-26208

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code