Vulnerability in Google Android
CVE-2026-0073
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execu…
EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Google Android — versions 15.0, 14.0, 15
Weakness classification (CWE)
Public proof-of-concept exploits
- SecTestAnnaQuinn/CVE-2026-0073-Android-adbd-authentication-bypass-POC
- adityatelange/poc-CVE-2026-0073
- 0xbinder/CVE-2026-0073
- MartinPSDev/CVE-2026-0073-Android-ADBD-bypass-POC
- novaek/CVE-2026-0073-Research
- unnaim/adbHijacker
- devtint/CVE-2026-0073
- 0xBlackash/CVE-2026-0073
- thakur2309/CVE-2026-0073-ZERO-CLICK
- u33pk/CVE-2026-0073-poc
References
- security@android.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-0073?
- CVE-2026-0073 is a high-severity vulnerability in Google Android, classified under Incorrect Implementation of Authentication Algorithm. CVSS score: 8.8/10. Published 2026-05-04.
- How severe is CVE-2026-0073?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2026-0073 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.