Logic Error in Wireless ADB Authentication in Android Products
CVE-2026-0073

8.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-0073?

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring any additional privileges. Exploitation does not necessitate user interaction, making this vulnerability particularly concerning for devices that rely on ADB for wireless communication.

Affected Version(s)

Android 16-qpr2

Android 16

Android 15

References

https://source.android.com/docs/security/bulletin/2026/20...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Oct 15, 2025

Credit

Ovi (@0x0v1 + Barghest.asia)

CVE-2026-0073 Data

JSON

Google

What is CVE-2026-0073?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit