What is CVE-2026-26959?

CVE-2026-26959 is a high-severity vulnerability in Alex4ssb Adb-explorer, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.8/10. Published 2026-02-19.

How severe is CVE-2026-26959?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Alex4ssb Adb-explorer

CVE-2026-26959

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code executio…

EPSS: 0.000 (0.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Alex4ssb Adb-explorer — versions < 0.9.26021

Weakness classification (CWE)

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere

References

https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-gcgv-2jq7-74rp (x_refsource_CONFIRM)
https://github.com/Alex4SSB/ADB-Explorer/commit/1b9fed20e875f5e74fd04e9889402f969c2d34e4 (x_refsource_MISC)
https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26021 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-26959?: CVE-2026-26959 is a high-severity vulnerability in Alex4ssb Adb-explorer, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.8/10. Published 2026-02-19.
How severe is CVE-2026-26959?: High severity. CVSS v3 base score is 7.8 out of 10.