Description
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-05-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error in the adbd_tls_verify_cert routine inside auth.cpp allows an attacker to bypass the wireless ADB mutual authentication handshake. Once the attacker succeeds, they can execute arbitrary code on the device’s shell user account without needing additional privileges or user interaction, achieving remote (proximal/adjacent) code execution.

Affected Systems

The vulnerability affects any Android device with wireless ADB enabled, specifically builds that contain the affected adbd implementation. While the CVE itself does not list exact OS versions, the 2026‑05‑01 security bulletin enumerates the affected releases. All devices running those builds are therefore vulnerable.

Risk and Exploitability

With a CVSS score of 8.8, the flaw poses a high‑risk opportunity for attackers. The EPSS score is not available, and the vulnerability is not present in CISA’s KEV catalog, yet the lack of user interaction and proximity requirements make exploitation still a serious threat to any device that has wireless ADB active over an unprotected or partially protected network.

Generated by OpenCVE AI on May 4, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Android security patch released in the 2026‑05‑01 bulletin to all affected devices.
  • Disable wireless ADB from the Developer Options or enforce it only for trusted development environments.
  • If a patch cannot be applied immediately, isolate the device by restricting it to secure, trusted networks and limiting physical or network proximity to potential attackers.

Generated by OpenCVE AI on May 4, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 23:15:00 +0000

Type Values Removed Values Added
Title Wireless ADB Mutual Auth Bypass Allows Remote Code Execution

Mon, 04 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title ADB Mutual Authentication Bypass Enabling Local Code Execution
Weaknesses CWE-287

Mon, 04 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title ADB Mutual Authentication Bypass Enabling Local Code Execution
First Time appeared Google
Google android
Weaknesses CWE-287
Vendors & Products Google
Google android

Mon, 04 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-303
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Description In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-05-05T03:56:34.252Z

Reserved: 2025-10-15T15:40:58.386Z

Link: CVE-2026-0073

cve-icon Vulnrichment

Updated: 2026-05-04T18:30:29.462Z

cve-icon NVD

Status : Received

Published: 2026-05-04T18:16:26.013

Modified: 2026-05-04T19:16:01.620

Link: CVE-2026-0073

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T23:00:11Z

Weaknesses