CVE-2026-26959

Name of the Vulnerable Software and Affected Versions ADB Explorer versions 0.9.26020 and below

Description ADB Explorer versions 0.9.26020 and below do not properly validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before execution. This can lead to arbitrary code execution with the privileges of the current user. An attacker can exploit this by creating a malicious App.txt settings file that points ManualAdbPath to an arbitrary executable and then convincing a user to launch the application with a command-line argument directing it to the malicious configuration directory. This could be achieved through social engineering, such as distributing a shortcut bundled with a crafted settings file in an archive, resulting in remote code execution upon application startup.

Recommendations Versions prior to 0.9.26021 should be updated.