← Retour aux CVEs

CVE-2026-26208

HIGH

7.8

Description

ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie2/13/2026

Derniere modification2/13/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-502

References

https://github.com/Alex4SSB/ADB-Explorer/commit/776f132cede86e1405520f2a28c78276dda5ab5a(security-advisories@github.com)

https://github.com/Alex4SSB/ADB-Explorer/issues/294(security-advisories@github.com)

https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26020(security-advisories@github.com)

https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-49qx-wpxj-p4mh(security-advisories@github.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.