Primary

Context

Android Wireless ADB Mutual Authentication Bypass Vulnerability Allowing Remote Code Execution

Vulnerability

A logic error in the Android Debug Bridge (ADB) over TLS mutual authentication process can be exploited to bypass authentication. This vulnerability allows for remote code execution as the shell user, without requiring additional execution privileges or user interaction. It affects devices with Android security patch levels prior to 2026-05-01.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution as the shell user.

Remediation

Users can update their devices to the 2026-05-01 security patch level to address this vulnerability. Instructions for checking and updating the Android version are available on the Google Support website.

Added: May 4, 2026, 6:31 PM

Updated: May 4, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Wireless ADB Mutual Authentication Bypass Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating