CVE-2026-27615
Received Received - Intake
Remote Code Execution via UNC Path Injection in ADB Explorer

Publication date: 2026-02-25

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27615
EUVD
EUVD-2026-8596
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alex4ssb adb_explorer to 0.9.26022 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
CWE-40 The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27615 is a high-severity remote code execution vulnerability in ADB-Explorer, a Windows application for managing ADB. The issue arises because the application allows the ManualAdbPath setting, which specifies the path to the ADB binary, to be set to a Universal Naming Convention (UNC) path pointing to a remote network share. An attacker can host a malicious executable on a network share they control and set ManualAdbPath to point to this location.'}, {'type': 'paragraph', 'content': "Although the application verifies the binary's integrity by hashing it during startup, it only uses this verification for the initial check and does not revalidate the binary before executing subsequent commands. This allows an attacker to replace the binary on the network share with any malicious executable, which the app will then run with the privileges of the user."}, {'type': 'paragraph', 'content': "Exploitation requires convincing a user to run the app with a specially crafted settings file that sets ManualAdbPath to the attacker's UNC path. This vulnerability was fixed in version Beta 0.9.26022."}] [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code remotely on your machine with the same privileges as the user running ADB-Explorer. This means the attacker can potentially take full control of your system, access sensitive data, modify or delete files, install malware, or disrupt system operations.

Because the attack requires user interaction to run the app with a malicious settings file, social engineering or tricking the user into launching the app in this way is necessary. However, no prior privileges or complex conditions are required for the attack to succeed once the user runs the manipulated app.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking if the ADB-Explorer application is configured to use a ManualAdbPath setting that points to a Universal Naming Convention (UNC) path, which is a remote network share. Specifically, you should inspect the application's settings file for the ManualAdbPath variable and verify whether it references a remote SMB share (e.g., paths starting with \\\\)."}, {'type': 'paragraph', 'content': 'Additionally, monitoring network traffic for SMB connections initiated by ADB-Explorer could help identify attempts to access remote binaries.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect this include:'}, {'type': 'list_item', 'content': 'On Windows, use PowerShell or Command Prompt to search for ManualAdbPath in the settings file, for example: `Select-String -Path "path\\to\\settings\\App.txt" -Pattern "ManualAdbPath"`'}, {'type': 'list_item', 'content': 'Check if the ManualAdbPath value contains a UNC path (starts with \\\\), indicating a remote network resource.'}, {'type': 'list_item', 'content': 'Use network monitoring tools or commands like `netstat -an | findstr 445` to detect SMB connections that might be related to ADB-Explorer.'}, {'type': 'list_item', 'content': 'Inspect running processes or command line arguments to see if ADB-Explorer is executing binaries from remote paths.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to upgrade ADB-Explorer to version Beta 0.9.26022 or later, where this vulnerability is fixed.'}, {'type': 'paragraph', 'content': "Until the upgrade can be applied, ensure that the ManualAdbPath setting in the application's settings file does not point to any UNC paths or remote network shares."}, {'type': 'paragraph', 'content': 'Avoid running the application with custom or untrusted settings files that could specify a malicious ManualAdbPath.'}, {'type': 'paragraph', 'content': 'Restrict SMB access and monitor for unusual SMB traffic to prevent attackers from hosting malicious binaries on network shares.'}, {'type': 'paragraph', 'content': 'Educate users to not run shortcuts or application instances from untrusted sources or archives that might contain manipulated settings files.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27615. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart