Description
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data directory, but only check whether the path exists. The ClearDrag() method calls Directory.Delete(dir, true) on every subdirectory of that path at both application startup and exit. An attacker can craft a malicious shortcut (.lnk) or batch script that launches ADB Explorer with a critical directory (e.g. C:\Users\%USERNAME%\Documents) as the argument, causing permanent recursive deletion of all its subdirectories. Any user who launches ADB Explorer via a crafted shortcut, batch file, or script loses the contents of the targeted directory permanently (deletion bypasses the Recycle Bin). This issue has been fixed in version 0.9.26021.
Published: 2026-02-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Directory Deletion
Action: Immediate Patch
AI Analysis

Impact

ADB Explorer allows an unvalidated command-line path argument; on startup and exit it recursively deletes all subdirectories of that path, bypassing the Recycle Bin. An attacker can craft a malicious shortcut or batch script containing a critical directory (e.g., C:\Users\%USERNAME%\Documents) as the argument, which results in permanent recursive deletion of its contents. The impact is the loss of user data and potential disruption of local services. The flaw is a reference and path traversal weakness (CWE-22 and CWE-73). The vulnerability is local, requiring legitimate user execution of the application with a crafted argument, but because it is the normal functioning of a widely used tool, social engineering or simple user interaction can trigger exploitation.

Affected Systems

The vulnerability is present in Alex4SSB ADB‑Explorer version 0.9.26020 and earlier. The affected product is the Windows‑based ADB Explorer tool distributed by Alex4SSB.

Risk and Exploitability

The CVSS score is 7.1, indicating high severity, while the EPSS score is less than 1 %, suggesting low probability of exploitation in the wild. The flaw is not listed in CISA’s KEV catalog. Exploitation requires an attacker to provide a malicious command‑line argument to a locally installed instance of ADB Explorer, typically via a crafted shortcut, batch file or script. Once executed, the application deletes the specified directory tree unconditionally, making data recovery difficult. The attack vector is therefore local but practical, and if an attacker gains access to drive folders such as Documents or AppData, the loss can be significant.

Generated by OpenCVE AI on April 17, 2026 at 17:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install ADB Explorer version 0.9.26021 or later, which removes the unvalidated argument handling.
  • Configure AppLocker or a Software Restriction Policy to deny execution of ADB Explorer when a command‑line argument is supplied, thereby preventing shortcut‑ or script‑based exploitation.
  • Deploy file‑integrity monitoring on critical user directories to detect and alert on unexpected deletions.

Generated by OpenCVE AI on April 17, 2026 at 17:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Alex4ssb adb Explorer
CPEs cpe:2.3:a:alex4ssb:adb_explorer:*:*:*:*:*:*:*:*
Vendors & Products Alex4ssb adb Explorer

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Alex4ssb
Alex4ssb adb-explorer
Vendors & Products Alex4ssb
Alex4ssb adb-explorer

Fri, 20 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Description ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data directory, but only check whether the path exists. The ClearDrag() method calls Directory.Delete(dir, true) on every subdirectory of that path at both application startup and exit. An attacker can craft a malicious shortcut (.lnk) or batch script that launches ADB Explorer with a critical directory (e.g. C:\Users\%USERNAME%\Documents) as the argument, causing permanent recursive deletion of all its subdirectories. Any user who launches ADB Explorer via a crafted shortcut, batch file, or script loses the contents of the targeted directory permanently (deletion bypasses the Recycle Bin). This issue has been fixed in version 0.9.26021.
Title ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument
Weaknesses CWE-22
CWE-73
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}

Subscriptions

Alex4ssb Adb-explorer Adb Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T18:45:12.518Z

Reserved: 2026-02-17T18:42:27.043Z

Link: CVE-2026-27115

cve-icon Vulnrichment

Updated: 2026-02-20T18:44:56.540Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-20T18:25:52.920

Modified: 2026-03-23T17:16:39.533

Link: CVE-2026-27115

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T17:15:23Z

Weaknesses