CVE-2026-27115
Recursive Directory Deletion Vulnerability in ADB Explorer on Windows
Publication date: 2026-02-20
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alex4ssb | adb_explorer | up to 0.9.26021 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27115 is a high-severity vulnerability in ADB Explorer versions 0.9.26020 and below on Windows. It arises because the application accepts a command-line argument to set a custom data directory path but only checks if the path exists without validating its safety or location.

At both startup and exit, the application calls a method that recursively deletes all subdirectories within the specified path. An attacker can exploit this by crafting a malicious shortcut or script that launches ADB Explorer with a critical directory (such as a user's Documents folder) as the argument.

When the victim runs this crafted shortcut, the application permanently deletes all subdirectories inside the targeted directory, bypassing the Recycle Bin. This can lead to significant data loss and potential system damage. [1]
How can this vulnerability impact me?
This vulnerability can cause permanent and recursive deletion of arbitrary directories on the Windows filesystem when a user runs a specially crafted shortcut or script that launches ADB Explorer.
- Loss of important user data such as documents, photos, work files, and projects.
- Potential deletion of critical system directories if run with elevated privileges, which can cause system instability or even prevent the system from booting.
- The deletion bypasses the Recycle Bin, making recovery difficult or impossible without backups.
- Partial deletion can occur even if some directories are locked, due to the method silently swallowing exceptions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves ADB Explorer being launched with a crafted command-line argument that causes recursive deletion of directories. Detection involves identifying instances where ADB Explorer is executed with unusual or suspicious path arguments, especially those pointing to critical directories.

Since the vulnerability is triggered by command-line arguments, monitoring process creation events for ADB Explorer with unexpected arguments can help detect exploitation attempts.

Suggested commands or methods include:

- On Windows, use PowerShell to monitor process creation with suspicious arguments, for example:

```powershell
# Sysmon Event ID 1 (process creation) records that mention ADB Explorer and contain a quoted string
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational';ID=1} | Where-Object { $_.Message -like '*ADB Explorer*' -and $_.Message -match '".*"' }
```

- Alternatively, use Sysinternals Process Monitor or Sysmon to log process creation events and filter for ADB Explorer executions with command-line arguments that point to critical directories like C:\Users\, C:\Windows\System32, or Program Files.
- Check for unexpected deletions in important directories by reviewing Windows event logs or using file integrity monitoring tools. [1]
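As an added example (not part of the original page or the ADB Explorer project), the following PowerShell refines the filter above by reading the Image and CommandLine fields of Sysmon Event ID 1 records and flagging launches whose argument is a rooted path with no file extension, since the fixed version expects a settings file rather than a directory. The image-name pattern, the function names, and the sample records are assumptions constructed for illustration.

```powershell
# Added example, not from the advisory or the ADB Explorer project.
# Assumptions: the image-name pattern and all sample values are constructed.
$ImagePattern     = '*ADB*Explorer*.exe'
# Critical locations named in the text above, written as -like patterns.
$CriticalPatterns = 'C:\Users\*', 'C:\Windows\System32*', '*\Program Files*'

function Get-LaunchArgument {
    param([string]$CommandLine)
    # Tokenise on whitespace, keep double-quoted strings whole, drop the executable.
    [regex]::Matches($CommandLine, '"([^"]*)"|(\S+)') |
        ForEach-Object { if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value } } |
        Select-Object -Skip 1
}

function Find-DirectoryArgumentLaunch {
    param([Parameter(ValueFromPipeline)] $Record)   # needs Image and CommandLine
    process {
        if ($Record.Image -notlike $ImagePattern) { return }
        foreach ($arg in (Get-LaunchArgument $Record.CommandLine)) {
            $rooted = $arg -match '^(?:[A-Za-z]:\\|\\\\)'
            # Heuristic: no extension means directory-like (dotted directory names are missed).
            if ($rooted -and -not [System.IO.Path]::GetExtension($arg.TrimEnd('\'))) {
                [pscustomobject]@{
                    Image    = $Record.Image
                    Argument = $arg
                    Critical = [bool]($CriticalPatterns | Where-Object { $arg -like $_ })
                }
            }
        }
    }
}

function ConvertFrom-SysmonProcessCreate {
    param([Parameter(ValueFromPipeline)] $WinEvent)  # from Get-WinEvent, Sysmon ID 1
    process {
        $data = @{}
        ([xml]$WinEvent.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{ Image = $data.Image; CommandLine = $data.CommandLine }
    }
}

# Constructed process-creation records for an offline run (placeholder paths and names).
$exe = 'C:\Tools\ADB Explorer\ADBExplorer.exe'
$samples = @(
    [pscustomobject]@{ Image = $exe; CommandLine = "`"$exe`" `"C:\Users\alice\Documents`"" }
    [pscustomobject]@{ Image = $exe; CommandLine = "`"$exe`" `"D:\Portable\placeholder-settings.file`"" }
    [pscustomobject]@{ Image = $exe; CommandLine = "`"$exe`"" }
)
$samples | Find-DirectoryArgumentLaunch | Format-Table -AutoSize
```

On a host with Sysmon, replace `$samples` with `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational';ID=1} | ConvertFrom-SysmonProcessCreate`.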
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade ADB Explorer to version 0.9.26021 or later, where the vulnerability has been fixed.
This fixed version enforces stricter validation of command-line arguments by requiring a full path to a settings file instead of a directory, preventing arbitrary directory deletion.
Additional immediate steps include:
- Avoid running ADB Explorer with untrusted or unknown command-line arguments.
- Do not launch ADB Explorer via shortcuts, batch files, or scripts from untrusted sources.
- Implement user education to prevent executing malicious shortcuts or scripts that exploit this vulnerability.
- Use file system permissions to restrict who can execute ADB Explorer or modify its shortcuts.