CVE DATABASE / CVE-2026-0073

CVE-2026-0073

CVSS 8.8 · HIGH

Summary

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 3.1 breakdown

Base score	8.8 (HIGH)
Vector	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector	ADJACENT_NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-303

Affected products

Google android

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-0073: Critical Android RCE Flaw Affects Android 14 Through 16

References

https://source.android.com/docs/security/bulletin/2026/2026-05-01

Data: NIST NVD. NVD last modified 2026-05-05. Always verify against the vendor advisory before acting.