Home / Vulnerability Intelligence / CVE-2026-0073

CVE-2026-0073 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: May 4, 2026

Android adbd_tls_verify_cert - Authentication Bypass

Published: May 4, 2026Updated: May 4, 2026

Overview

Android adbd_tls_verify_cert in auth.cpp contains a broken authentication caused by a logic error, letting remote adjacent attackers execute code as shell user without additional privileges, exploit requires no user interaction.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Remote adjacent attackers can execute code as shell user without extra privileges, risking system compromise.

Mitigation

Update to the latest version with the fix for this authentication bypass.

References

https://source.android.com/docs/security/bulletin/2026/2026-05-01

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-0073
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: new

CWE

CWE-303

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H