CVE-2026-36027
Received
Received - Intake
Code Execution via USB Debugging in Code27 Companion Hub
Vulnerability report for CVE-2026-36027, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-08
Last updated on: 2026-07-08
Assigner: MITRE
Description
Description
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code27 | companion_hub | sq3a.220705.003.a1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1313 | During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary. |