PT-2026-36889 · Google · Android

Published 2026-05-04 · Updated 2026-05-06 · CVE-2026-0073

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions 14 through 16

Description

A logic error in the adbd_tls_verify_cert function within auth.cpp of the Android Debug Bridge daemon (adbd) allows a bypass of wireless ADB mutual authentication. Additionally, a memory corruption flaw exists in the packet-parsing logic during the initial handshake and service discovery phase. Specifically, the adbd daemon fails to properly validate the length of incoming service announcement packets during mDNS (Multicast DNS) or SSDP (Simple Service Discovery Protocol) negotiation. An integer underflow in the boundary check logic can lead to a heap-based buffer overflow when parsing the "service name" field.
This is a zero-click issue requiring no user interaction. An attacker within proximal range—sharing a local Wi-Fi network or within Bluetooth proximity—can broadcast a specially crafted service discovery packet to achieve remote code execution as the shell user. This allows the attacker to bypass application-layer security boundaries and gain immediate terminal access to the device. Real-world incidents of active mass exploitation have been reported, where attackers use this access to perform reconnaissance, siphon credentials from the internal keystore, and move laterally to other vulnerable devices on the same network.

Recommendations

Update Android 14, 15, and 16 devices to the May 2026 security patch (2026-05-01 or later). Disable the "Wireless debugging" feature in Settings > System > Developer options. Restrict access to the adbd daemon by disabling the Developer Options menu via Enterprise Mobility Management (EMM) solutions for corporate fleets.
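
A fleet check built on the recommendations above, as an added example that is not part of the advisory: it classifies each device by Android release, security patch level and wireless debugging state. The function names, the status labels and the comma-separated inventory format are assumptions, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example. Per-device inputs would come from an inventory job, e.g.:
#   adb -s SERIAL shell getprop ro.build.version.release
#   adb -s SERIAL shell getprop ro.build.version.security_patch
#   adb -s SERIAL shell settings get global adb_wifi_enabled
FIXED_PATCH="2026-05-01"   # patch level named in the advisory

# Exit 0 if the release string is Android 14, 15 or 16 (e.g. "14", "15.0").
is_affected_release() {
    case "${1%%.*}" in
        14|15|16) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn YYYY-MM-DD into the integer YYYYMMDD.
ymd() { r=${1#*-}; echo "${1%%-*}${r%%-*}${r#*-}"; }

# Exit 0 if a YYYY-MM-DD patch level is at or after FIXED_PATCH.
# Empty or malformed values count as unpatched.
is_patched() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "$(ymd "$1")" -ge "$(ymd "$FIXED_PATCH")" ]
}

# Print NOT_AFFECTED, PATCHED, EXPOSED or UNPATCHED_WIRELESS_OFF.
# adb_wifi_enabled is "1" when wireless debugging is on; "0" or "null" otherwise.
classify() {
    if ! is_affected_release "$1"; then echo NOT_AFFECTED
    elif is_patched "$2"; then echo PATCHED
    elif [ "$3" = "1" ]; then echo EXPOSED
    else echo UNPATCHED_WIRELESS_OFF
    fi
}

# Read "serial,release,patch,adb_wifi" lines on stdin, print "serial STATUS".
audit() {
    while IFS=, read -r serial release patch wifi; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify "$release" "$patch" "$wifi")"
    done
}

# Constructed sample inventory (not real devices).
sample_inventory() {
    printf '%s\n' 'dev-a,14,2026-04-05,1' 'dev-b,15,2026-05-01,1' \
                  'dev-c,16,2026-03-01,null' 'dev-d,13,2025-12-01,1'
}

sample_inventory | audit
```

Devices reported as UNPATCHED_WIRELESS_OFF have the interim mitigation in place but still need the update.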

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-0073

Affected Products

Android