CVE-2026-27615
Received - Intake
Remote Code Execution via UNC Path Injection in ADB Explorer

Publication date: 2026-02-25

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue.

Meta Information

Published: 2026-02-25
Last Modified: 2026-02-27
Generated: 2026-05-27
AI Q&A: 2026-02-25
EPSS Evaluated: 2026-05-25

Affected Vendors & Products

Vendor | Product | Version / Range
alex4ssb | adb_explorer | to 0.9.26022 (exclusive)

CWE ID | Description
CWE-40 | The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file.
CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27615 is a high-severity remote code execution vulnerability in ADB-Explorer, a Windows application for managing ADB. The issue arises because the application allows the ManualAdbPath setting, which specifies the path to the ADB binary, to be set to a Universal Naming Convention (UNC) path pointing to a remote network share. An attacker can host a malicious executable on a network share they control and set ManualAdbPath to point to this location.

Although the application verifies the binary's integrity by hashing it during startup, it only uses this verification for the initial check and does not revalidate the binary before executing subsequent commands. This allows an attacker to replace the binary on the network share with any malicious executable, which the app will then run with the privileges of the user.

Exploitation requires convincing a user to run the app with a specially crafted settings file that sets ManualAdbPath to the attacker's UNC path. This vulnerability was fixed in version Beta 0.9.26022. [1]


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary code remotely on your machine with the same privileges as the user running ADB-Explorer. This means the attacker can potentially take full control of your system, access sensitive data, modify or delete files, install malware, or disrupt system operations.

Because the attack requires user interaction to run the app with a malicious settings file, social engineering or tricking the user into launching the app in this way is necessary. However, no prior privileges or complex conditions are required for the attack to succeed once the user runs the manipulated app.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the ADB-Explorer application is configured to use a ManualAdbPath setting that points to a Universal Naming Convention (UNC) path, which is a remote network share. Specifically, you should inspect the application's settings file for the ManualAdbPath variable and verify whether it references a remote SMB share (e.g., paths starting with `\\`).

Additionally, monitoring network traffic for SMB connections initiated by ADB-Explorer could help identify attempts to access remote binaries.

Suggested commands to detect this include:

- On Windows, use PowerShell or Command Prompt to search for ManualAdbPath in the settings file, for example: `Select-String -Path "path\to\settings\App.txt" -Pattern "ManualAdbPath"`
- Check if the ManualAdbPath value contains a UNC path (starts with `\\`), indicating a remote network resource.
- Use network monitoring tools or commands like `netstat -an | findstr 445` to detect SMB connections that might be related to ADB-Explorer.
- Inspect running processes or command line arguments to see if ADB-Explorer is executing binaries from remote paths.

[1]
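
The settings-file check described above can be scripted so that it classifies the value instead of only finding the key. This is an added example, not code from ADB Explorer or from this page; the function names are hypothetical, and it assumes the key and its value sit on one line separated by `:` or `=`, optionally quoted and JSON-escaped.

```powershell
# Added example. Assumed settings format: key and value on one line,
# separated by ':' or '=', optionally quoted, backslashes possibly doubled.

function Test-RemoteAdbPath {
    param([string]$Value)
    # Treat forward slashes like backslashes, as Windows path handling does.
    $p = $Value.Replace('/', '\')
    # Four leading backslashes means a JSON-escaped UNC path: collapse the pairs.
    if ($p.StartsWith('\\\\')) { $p = $p.Replace('\\', '\') }
    switch -Regex ($p) {
        '^\\\\[?.]\\UNC\\' { return $true }   # \\?\UNC\host\share\...
        '^\\\\[?.]\\'      { return $false }  # \\?\C:\... is a local device path
        '^\\\\'            { return $true }   # \\host\share\...
        default            { return $false }  # drive-letter or relative path
    }
}

function Find-RemoteAdbPath {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Capture everything after the separator up to a closing quote or end of line.
        if ($l -match 'ManualAdbPath["'']?\s*[:=]\s*["'']?(?<v>[^"''\r\n]+)') {
            $value = $Matches['v'].Trim().TrimEnd(',')
            [pscustomobject]@{
                ManualAdbPath = $value
                Remote        = Test-RemoteAdbPath -Value $value
            }
        }
    }
}

# Constructed sample lines (not taken from a real settings file).
$sample = @(
    '"ManualAdbPath":"C:\\platform-tools\\adb.exe"',
    '"ManualAdbPath":"\\\\fileserver.example\\share\\adb.exe"',
    'ManualAdbPath=\\?\UNC\fileserver.example\share\adb.exe',
    'ManualAdbPath=//fileserver.example/share/adb.exe'
)
Find-RemoteAdbPath -Line $sample | Format-Table -AutoSize

# Against a real file:
# Find-RemoteAdbPath -Line (Get-Content 'path\to\settings\App.txt')
```

Only the first sample line is reported with `Remote` set to `False`; the escaped UNC form, the `\\?\UNC\` form and the forward-slash form are all flagged.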


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade ADB-Explorer to version Beta 0.9.26022 or later, where this vulnerability is fixed.

Until the upgrade can be applied, ensure that the ManualAdbPath setting in the application's settings file does not point to any UNC paths or remote network shares.

Avoid running the application with custom or untrusted settings files that could specify a malicious ManualAdbPath.

Restrict SMB access and monitor for unusual SMB traffic to prevent attackers from hosting malicious binaries on network shares.

Educate users to not run shortcuts or application instances from untrusted sources or archives that might contain manipulated settings files. [1]

