CVE-2026-27115

Name of the Vulnerable Software and Affected Versions ADB Explorer versions 0.9.26020 and below

Description ADB Explorer, a fluent UI for ADB on Windows, contains a flaw due to an unvalidated command-line argument. This allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. The application accepts a path argument to set a custom data directory, but only verifies its existence. The ClearDrag() method uses Directory.Delete(dir, true) on every subdirectory of the provided path during application startup and exit. An attacker can create a malicious shortcut or batch script that launches ADB Explorer with a critical directory as the argument, resulting in permanent, recursive deletion of all its subdirectories. This deletion bypasses the Recycle Bin.

Recommendations Update to version 0.9.26021 or later.