{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27615", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-20T19:43:14.603Z", "datePublished": "2026-02-25T02:33:53.553Z", "dateUpdated": "2026-02-27T17:09:58.886Z"}, "containers": {"cna": {"title": "ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)", "problemTypes": [{"descriptions": [{"cweId": "CWE-40", "lang": "en", "description": "CWE-40: Path Traversal: 'UNCsharename' (Windows UNC Share)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-829", "lang": "en", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr"}], "affected": [{"vendor": "Alex4SSB", "product": "ADB-Explorer", "versions": [{"version": "< Beta 0.9.26022", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T02:33:53.553Z"}, "descriptions": [{"lang": "en", "value": "ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue."}], "source": {"advisory": "GHSA-3f27-jp2g-hwhr", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T17:09:52.407737Z", "id": "CVE-2026-27615", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T17:09:58.886Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27615", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T17:09:52.407737Z"}}}], "references": [{"url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T17:09:44.818Z"}}], "cna": {"title": "ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)", "source": {"advisory": "GHSA-3f27-jp2g-hwhr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Alex4SSB", "product": "ADB-Explorer", "versions": [{"status": "affected", "version": "< Beta 0.9.26022"}]}], "references": [{"url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr", "name": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-40", "description": "CWE-40: Path Traversal: 'UNCsharename' (Windows UNC Share)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T02:33:53.553Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27615", "state": "PUBLISHED", "dateUpdated": "2026-02-27T17:09:58.886Z", "dateReserved": "2026-02-20T19:43:14.603Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T02:33:53.553Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alex4ssb:adb_explorer:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C02EA1E7-E0FF-4607-A021-2FB1BC886AB7", "versionEndExcluding": "0.9.26022", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue."}], "id": "CVE-2026-27615", "lastModified": "2026-02-27T19:04:28.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-25T03:16:05.990", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-3f27-jp2g-hwhr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-40"}, {"lang": "en", "value": "CWE-829"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-829"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,Beta 0.9.26022)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ADB-Explorer", "source": "cna", "vendor": "Alex4SSB"}, "product": "adb-explorer", "vendor": "alex4ssb"}], "analysis": {"en": {"generated_at": "2026-04-16T16:16:59.697367+00:00", "value": {"mitigation_remediation": ["Upgrade ADB-Explorer to version Beta 0.9.26022 or later, which removes the ability to set ManualAdbPath to a UNC path.", "If an upgrade is not immediately possible, locate and delete any custom App.txt files that reference network shares, and configure the application to use only local paths for the ADB binary.", "Disallow the use of shortcuts that point to externally supplied configuration files; verify the integrity of the settings file before opening the application."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Alex4SSB ADB\u2011Explorer, a Windows\u2011based fluent UI for ADB. All installations of the product older than Beta 0.9.26022 are susceptible. The vulnerability is present only in Windows builds of the application and requires a user to launch the app using a malicious settings file.", "description_and_impact": "In versions of ADB-Explorer released before Beta 0.9.26022, the system allows the ManualAdbPath setting to be defined as a UNC path in the application\u2019s settings file. If an attacker supplies a custom configuration file that points the binary path to a remote network share, the application will download and run the remote binary. The attacker can thus execute arbitrary code on the victim\u2019s machine with the privileges of the user running ADB\u2011Explorer. The vulnerability is a type of uncontrolled input flaw that permits arbitrary code execution on the local system.", "risk_and_exploitability": "The CVSS v3.1 score of 8.8 indicates a high\u2011severity flaw. The EPSS probability is reported as less than 1%, suggesting that exploitation may not be widespread at present, yet the availability of a fix and the high impact make it a priority. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to open a shortcut that references a user\u2011supplied settings file, a scenario that typically involves social engineering. Once the shortcut is executed, the remote binary is run under the user's account, enabling full control of the victim system."}}}}, "created": "2026-02-25T11:34:59.624881+00:00", "updated": "2026-04-16T16:30:15.923593+00:00", "vendors": ["alex4ssb", "alex4ssb$PRODUCT$adb-explorer"]}