CVE-2026-26208
- Source
- https://cve.org/CVERecord?id=CVE-2026-26208
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26208.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-26208
- Aliases
-
- GHSA-49qx-wpxj-p4mh
- Published
- 2026-02-13T18:48:56.398Z
- Modified
- 2026-02-16T01:12:43.792462Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization
- Details
-
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020.
- Database specific
{ "cwe_ids": [ "CWE-502" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26208.json" }- References
-
- https://github.com/Alex4SSB/ADB-Explorer/commit/776f132cede86e1405520f2a28c78276dda5ab5a
- https://github.com/Alex4SSB/ADB-Explorer/issues/294
- https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26020
- https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-49qx-wpxj-p4mh
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26208.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-26208
Affected packages
Git / github.com/alex4ssb/adb-explorer
Affected ranges
- Type
- GIT
- Repo
- https://github.com/alex4ssb/adb-explorer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.9
v0.7.9001
v0.8.23030
v0.8.23050
v0.8.23060
v0.8.23090
v0.8.23120
v0.8.24030
v0.8.24060
v0.8.24120
v0.8.24121
v0.9.25020
v0.9.25021
v0.9.25022
v0.9.25050
v0.9.25051
v0.9.25052
v0.9.25060
v0.9.25066
v0.9.25070
v0.9.25080
v0.9.25090
v0.9.25100
v0.9.25101
v0.9.25101r
v0.9.25102
v0.9.25110
v0.9.25111
v0.9.26010
v0.9.26011