Cyber Posture

CVE-2026-0073

High

Published: 04 May 2026

Published
04 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0073 is a high-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 2.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the logic error in adbd_tls_verify_cert by requiring timely flaw remediation through identification, testing, and installation of vendor patches for this CVE.

IA-3 Device Identification and Authentication good match
prevent

Requires device identification and authentication before establishing connections, preventing bypass of mutual authentication in wireless ADB sessions.

AC-18 Wireless Access good match
prevent

Enforces authorization and security controls for wireless access, blocking unauthorized proximal/adjacent exploitation of ADB authentication bypass.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1133 External Remote Services Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
attack.mitre.org →
Why these techniques?

Logic flaw enables auth bypass on exposed wireless ADB remote service, directly facilitating unauthorized remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed.…

more

User interaction is not needed for exploitation.

Deeper analysisAI

CVE-2026-0073 is a logic error in the adbd_tls_verify_cert function of auth.cpp that enables bypassing mutual authentication for wireless ADB. This vulnerability affects Android components supporting wireless debugging via the Android Debug Bridge (ADB) daemon.

An attacker on an adjacent network can exploit this issue with low attack complexity, no privileges, and no user interaction required. Successful exploitation leads to proximal/adjacent remote code execution as the shell user, with high confidentiality, integrity, and availability impacts (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8) and no additional execution privileges needed.

The Android Security Bulletin provides details on affected versions and patches for mitigation: https://source.android.com/docs/security/bulletin/2026/2026-05-01.

Details

CWE(s)
CWE-303

Affected Products

google
android
14.0, 15.0, 16.0

CVEs Like This One

CVE-2025-0075Same product: Google Android
CVE-2024-49747Same product: Google Android
CVE-2024-49748Same product: Google Android
CVE-2025-22411Same product: Google Android
CVE-2025-22412Same product: Google Android
CVE-2025-22403Same product: Google Android
CVE-2026-0111Same product: Google Android
CVE-2025-22408Same product: Google Android
CVE-2025-26438Same product: Google Android
CVE-2024-53842Same product: Google Android

References