MDR
Solutions
Partners
About
Resources
Affected Environment
Android devices with security patch levels earlier than 2026-05-05 are exposed. Devices updated to 2026-05-05 include the relevant fixes.
Threat Overview
CVE-2026-0073 affects Android wireless ADB authentication. An attacker on a nearby or adjacent network may execute code as the shell user.
Exposure Timeline
Google’s bulletin lists this issue in the 2026-05-01 security patch level. Devices remain exposed until the 2026-05-01 or 2026-05-05 patches are applied.
Attack Surface
Exposure exists where wireless ADB is reachable on proximal or adjacent networks. Devices using default or unpatched adbd components are in scope.
Technical Root Cause
A logic error in adbd_tls_verify_cert in auth.cpp allows bypass of mutual TLS certificate verification. This weakens wireless ADB authentication controls.
Exploitation Pathway
An attacker on a nearby network targets the wireless ADB channel. By bypassing mutual authentication, they can achieve remote shell-level code execution.
Operational Impact
Attackers can run commands as the shell user without user interaction. This enables access to limited system data and debugging interfaces on devices.
Strategic Impact
Unpatched Android fleets increase lateral movement and data exposure risk. Fragmented patching across vendors may leave mixed security levels in the estate.
Required Mitigation
Ensure Android devices are updated to at least the 2026-05-05 security patch level. Validate Google Play system updates for adbd are applied where available.
Incident Response Guidance
Identify Android devices below 2026-05-05 patch level and prioritise updates. Review wireless ADB usage, restricting or disabling it on managed devices.
References
Android Security Bulletin 2026-05-01 documents CVE-2026-0073 and fixes.
Trusted by clients worldwide
Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.
.jpg)