CVE-2026-27615
Published: 25 February 2026
Summary
CVE-2026-27615 is a high-severity Windows UNC Share (CWE-40) vulnerability in Alex4Ssb Adb Explorer. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of the ManualAdbPath input from App.txt to reject UNC paths and prevent execution of attacker-controlled remote binaries.
Mandates timely identification, reporting, and correction of the UNC path flaw via updates like Beta 0.9.26022 to eliminate the vulnerability.
Enforces secure baseline configuration settings for ADB Explorer that restrict ManualAdbPath to local paths only, mitigating UNC exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables RCE by tricking the app into loading/executing an attacker-controlled binary from a remote UNC share after user opens malicious shortcut/archive (T1204.002); the app itself fetches the binary over the share (T1105).
NVD Description
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming…
more
Convention (UNC) path in the application's settings file. This allows an attacker to set the binary's path to point to a remote network resource, hosted on an attacker-controlled network share, thus granting the attacker full control over the binary being executed by the app. An attacker may leverage this vulnerability to execute code remotely on a victim's machine with the privileges of the user running the app. Exploitation is made possible by convincing a victim to run a shortcut of the app that points to a custom `App.txt` settings file, which sets `ManualAdbPath` (for example, when downloaded in an archive file). Version Beta 0.9.26022 fixes the issue.
Deeper analysisAI
CVE-2026-27615 affects ADB Explorer, a Windows graphical user interface for the Android Debug Bridge (ADB) tool, in versions prior to Beta 0.9.26022. The vulnerability stems from the application's acceptance of a Universal Naming Convention (UNC) path in the `ManualAdbPath` settings variable within its `App.txt` configuration file. This setting dictates the path to the ADB binary executed by the app, enabling an attacker to redirect it to a remote network share under their control. Assigned CWEs include CWE-40 (Path Equivalence: 'filename' attack) and CWE-829 (Signal Handler Race Condition), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
An attacker can exploit this flaw by social engineering a victim into launching ADB Explorer via a malicious shortcut that references a custom `App.txt` file—such as one embedded in a downloaded archive. Upon execution, the app loads the tampered settings, causing it to fetch and run an ADB binary from the attacker's UNC-controlled share. This grants remote code execution on the victim's machine at the privileges of the running user, with no prerequisite privileges for the attacker beyond victim interaction.
The GitHub security advisory (GHSA-3f27-jp2g-hwhr) confirms that updating to Beta 0.9.26022 resolves the issue by preventing UNC paths in the `ManualAdbPath` setting. Security practitioners should advise users to update immediately, verify settings files for tampering, and avoid running untrusted shortcuts or archives containing ADB Explorer.
Details
- CWE(s)