Skip to content

SecTestAnnaQuinn/CVE-2026-0073-Android-adbd-authentication-bypass-POC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
adb_tls_auth_bypass.py
adb_tls_auth_bypass.py
 
 

Repository files navigation

Research on CVE-2026-0073. An auth bypass allowing any attacker with local network access to connect to an Android device with dev tools and wireless debugging or ADB-over-TCP enabled. Device needs to have been paired before.

This has been tested working on Android 14 in Android Studio. Should work on others as well but exploitability may vary.

Here you can see me removing the key needed to attach to ADB after starting the service and connecting to it to store a key by pairing. Afterwards I cannot connect via ADB.

Screenshot 2026-05-05 155745

Here you can see the bypass working without issue even though there is no key present to use for connections.

image

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

77 stars

Watchers

1 watching

Forks

36 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages