CVE-2026-36027
Received Received - Intake

Code Execution via USB Debugging in Code27 Companion Hub

Vulnerability report for CVE-2026-36027, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: MITRE

Description

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
code27 companion_hub sq3a.220705.003.a1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1313 During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-36027 is a vulnerability in the Code27 Companion Hub device that allows a physically proximate attacker to execute arbitrary code by exploiting the USB debugging (ADB) and Android Debug Bridge components.

The device runs a userdebug build of Android, which permits the ADB daemon (adbd) to be restarted with root privileges in recovery mode. An attacker with physical access can boot the device into recovery mode, connect via USB, and restart adbd as root, gaining a root-privileged ADB shell.

This root shell provides read/write access to the recovery environment, allowing the attacker to enumerate device properties, access recovery functions like sideloading or partition operations, and modify persistent device state. This can lead to establishing a foothold on the device during normal operation.

Impact Analysis

This vulnerability can allow an attacker with physical access to the Code27 Companion Hub device to gain root-level control over the recovery environment.

With this access, the attacker can modify persistent device state, potentially install malicious updates, or alter system partitions indirectly, which may compromise the device's integrity and security.

Such control could lead to unauthorized code execution, data manipulation, or persistent malware installation, undermining the device's intended functionality and user trust.

Detection Guidance

This vulnerability can be detected by checking if the device can be booted into recovery mode and if the Android Debug Bridge (ADB) daemon can be restarted with root privileges. Physical access to the device is required.

Suggested commands to detect the vulnerability include powering off the device, booting it into recovery mode, connecting via USB, and using ADB commands to restart the adbd daemon as root. This can be done by running commands such as:

  • adb reboot recovery
  • adb root
  • adb shell

If these commands succeed in providing a root-privileged ADB shell in recovery mode, the device is vulnerable.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-36027, immediate steps should focus on preventing physical access to the device, as the exploit requires physical proximity and USB connection.

Additionally, disabling USB debugging (ADB) and restricting access to recovery mode can reduce the risk of exploitation.

Ensuring the device is powered off or kept in a secure environment when not in use can help prevent an attacker from booting into recovery mode and gaining root access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36027. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart