CVE-2026-26959
Arbitrary Code Execution in ADB Explorer via Unvalidated ADB Path
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alex4ssb | adb_explorer | to 0.9.26021 (exc) |
| alex4ssb | adb_explorer | 0.9.26021 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability allows an attacker to execute arbitrary code on your machine with the same privileges as the user running ADB Explorer.
An attacker can exploit this by tricking you into launching the application with a malicious settings file that points to a harmful executable, potentially leading to unauthorized actions such as installing malware, stealing data, or damaging your system.
Because the execution happens with your user privileges, the impact depends on your account's permissions but can be severe, including full compromise of your user environment. [3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-26959 is a vulnerability in ADB Explorer, a Windows UI for ADB, where versions 0.9.26020 and below do not validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it.
This allows an attacker to craft a malicious settings file (App.txt) that points ManualAdbPath to an arbitrary executable. When a victim launches the application with a command-line argument directing it to the malicious configuration directory, the application executes the arbitrary executable with the privileges of the current user.
The vulnerability can be exploited through social engineering, such as distributing a shortcut bundled with the crafted settings file in an archive, causing remote code execution (RCE) upon application startup.
This issue was fixed in version 0.9.26021 by adding SHA-256 verification of the ADB executable against a trusted list to ensure file integrity and prevent tampering.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the ADB-Explorer application is running a potentially malicious or unauthorized ADB binary specified by the ManualAdbPath setting in its App.txt configuration file.
To detect exploitation attempts or presence of malicious configuration, you can inspect the App.txt file used by ADB-Explorer for suspicious ManualAdbPath values pointing to unexpected executables.
Suggested commands to detect suspicious ManualAdbPath settings or launched processes:
- Search for App.txt files with ManualAdbPath entries (Windows command prompt or PowerShell): `findstr /s /i "ManualAdbPath" C:\path\to\search\*.txt`
- Check running processes for unexpected executables launched by ADB-Explorer (PowerShell): `Get-Process | Where-Object { $_.Path -like '*adb_explorer*' } | Select-Object Id, ProcessName, Path`
- Verify the hash of the ADB executable being used matches known good SHA-256 hashes (if possible, manually calculate SHA-256 hash of the ADB binary and compare against trusted list).
Because the vulnerability involves executing arbitrary binaries specified in configuration files, monitoring for unusual or unexpected executables launched alongside or by ADB-Explorer can help detect exploitation. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation is to upgrade ADB-Explorer to version 0.9.26021 or later, which includes a security patch that verifies the integrity and authenticity of the ADB executable using SHA-256 hash checks.
Additional mitigation steps include:
- Do not run ADB-Explorer with untrusted or unknown configuration directories or App.txt files, especially those received from unverified sources.
- Avoid launching ADB-Explorer with command-line arguments pointing to directories containing suspicious or untrusted settings files.
- Manually verify the ManualAdbPath setting in App.txt files to ensure it points to legitimate ADB binaries.
- Implement endpoint security controls to detect and block execution of unauthorized binaries.
The patched version also improves security by storing temporary drag files in a safer location and requiring explicit arguments for the settings file path, reducing attack surface.
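The detection steps and the "manually verify the ManualAdbPath setting" mitigation above can be combined into one audit. The PowerShell script below is an added example, not code from ADB Explorer or from this advisory. It assumes the ManualAdbPath key and its value sit on one line of App.txt (the file layout is not shown on this page); `$SearchRoot`, `$TrustedSha256` and `Test-ManualAdbPath` are names chosen for the example, and the trusted hashes have to be supplied from a source you trust.

```powershell
# Added example (not ADB Explorer's code): audit ManualAdbPath values in App.txt files.
param(
    [string]$SearchRoot = $env:USERPROFILE,  # assumption: folder tree to scan
    [string[]]$TrustedSha256 = @()           # SHA-256 values you trust; this page lists none
)

function Test-ManualAdbPath {
    param([string]$SettingsFile, [string[]]$Trusted)

    # Assumption: key and value share one line, e.g. "ManualAdbPath": "C:\\tools\\adb.exe"
    # or ManualAdbPath=C:\tools\adb.exe. The real App.txt layout is not shown on this page.
    $pattern = 'ManualAdbPath["''\s:=]+(?<p>[^"'',;]+)'
    foreach ($hit in Select-String -LiteralPath $SettingsFile -Pattern $pattern) {
        $raw = $hit.Matches[0].Groups['p'].Value.Trim()
        if (-not $raw -or $raw -eq 'null') { continue }   # setting present but unset

        # Try the value as written, then with doubled backslashes collapsed.
        $baseDir = Split-Path -Parent $SettingsFile
        $target = $null
        foreach ($candidate in @($raw, $raw.Replace('\\', '\'))) {
            $full = $candidate
            if ($candidate -notmatch '^([A-Za-z]:|\\\\)') { $full = Join-Path $baseDir $candidate }
            if (Test-Path -LiteralPath $full -PathType Leaf -ErrorAction SilentlyContinue) { $target = $full; break }
        }
        if (-not $target) {
            [pscustomobject]@{ Settings = $SettingsFile; AdbPath = $raw; Sha256 = $null; Status = 'NOT-FOUND' }
            continue
        }
        # Hash the configured binary and compare it with the caller's allow-list.
        $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        $status = if ($Trusted -contains $hash) { 'TRUSTED' } else { 'UNTRUSTED-HASH' }
        [pscustomobject]@{ Settings = $SettingsFile; AdbPath = $target; Sha256 = $hash; Status = $status }
    }
}

Get-ChildItem -LiteralPath $SearchRoot -Filter 'App.txt' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-ManualAdbPath -SettingsFile $_.FullName -Trusted $TrustedSha256 } |
    Format-Table -AutoSize -Wrap
```

Rows marked UNTRUSTED-HASH or NOT-FOUND are the ones to review, particularly when the App.txt sits in a downloaded or extracted folder rather than the application's usual settings location.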