Latest Android ADB vulnerability: CVE-2026-0073 #
Google disclosed that certain Android versions are susceptible to an authentication bypass vulnerability within the wireless ADB mutual authentication process. This is due to a logic error in the adbd_tls_verify_cert function of the auth.cpp subcomponent in the ADB daemon (adbd). An unauthenticated attacker with adjacent network access can exploit this flaw to achieve remote code execution (RCE) as the shell user. This exploit requires no additional privileges and no user interaction. This vulnerability has been designated CVE-2026-0073 and has been rated high with a CVSS score of 8.8.
The following versions are affected:
- Android 14: Prior to the 2026-05-01 security patch level.
- Android 15: Prior to the 2026-05-01 security patch level.
- Android 16: Prior to the 2026-05-01 security patch level.
- Android 16-qpr2: Prior to the 2026-05-01 security patch level.
What is Android Wireless Android Debug Bridge (ADB)? #
Android Wireless Android Debug Bridge (ADB) is a communication feature that enables remote shell command execution, application installation, and system debugging over a local Wi-Fi network using the TCP/IP protocol, removing the need for a physical USB connection.
What is the impact? #
Successful exploitation of the vulnerabilities allows an unauthenticated attacker with adjacent network access to achieve remote code execution (RCE) as the shell user.
Are updates or workarounds available? #
Upgrade affected systems to the 2026-05-01 security patch level or later.
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
protocol:=adb AND os:Android
