Cyber Resilience

CVE-2026-0073

High

Published: 04 May 2026

Published
04 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0054 41.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0073 is a high-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 41.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2026-0073 is a logic error in the adbd_tls_verify_cert function of auth.cpp that enables bypassing mutual authentication for wireless ADB. This vulnerability affects Android components supporting wireless debugging via the Android Debug Bridge (ADB) daemon.

An attacker on an adjacent network can exploit this issue with low attack complexity, no privileges, and no user interaction required. Successful exploitation leads to proximal/adjacent remote code execution as the shell user, with high confidentiality, integrity, and availability impacts (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8) and no additional execution privileges needed.

The Android Security Bulletin provides details on affected versions and patches for mitigation: https://source.android.com/docs/security/bulletin/2026/2026-05-01.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed.…

more

User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1133 External Remote Services Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
Why these techniques?

Logic flaw enables auth bypass on exposed wireless ADB remote service, directly facilitating unauthorized remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-49747Same product: Google Android
CVE-2024-43770Same product: Google Android
CVE-2024-43771Same product: Google Android
CVE-2024-49748Same product: Google Android
CVE-2025-22412Same product: Google Android
CVE-2025-22411Same product: Google Android
CVE-2025-0075Same product: Google Android
CVE-2024-43096Same product: Google Android
CVE-2026-0111Same product: Google Android
CVE-2025-22408Same product: Google Android

Affected Assets

google
android
14.0, 15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the logic error in adbd_tls_verify_cert by requiring timely flaw remediation through identification, testing, and installation of vendor patches for this CVE.

prevent

Requires device identification and authentication before establishing connections, preventing bypass of mutual authentication in wireless ADB sessions.

prevent

Enforces authorization and security controls for wireless access, blocking unauthorized proximal/adjacent exploitation of ADB authentication bypass.

References