CVE-2026-26959

HIGH EPSS 7.2%
Published Feb 20, 20264mo ago · Modified Apr 15, 20262mo ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 20, 2026 4mo ago
Last Modified Apr 15, 2026 2mo ago

Description

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can exploit this by crafting a malicious App.txt settings file that points ManualAdbPath to an arbitrary executable, then convincing a victim to launch the application with a command-line argument directing it to the malicious configuration directory. This vulnerability could be leveraged through social engineering tactics, such as distributing a shortcut bundled with a crafted settings file in an archive, resulting in RCE upon application startup. Thus issue has been fixed in version 0.9.26021.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
7.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-829

References 3

  • github.com https://github.com/Alex4SSB/ADB-Explorer/commit/1b9fed20e875f5e74fd04e9889402f969c2d34e4
  • github.com https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26021
  • github.com https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-gcgv-2jq7-74rp

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.