Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction
Ddos 
Google has issued an urgent warning in its May 2026 Android Security Bulletin regarding a critical vulnerability discovered in the core System component. The flaw, tracked as CVE-2026-0073, could allow an attacker to achieve remote code execution as the shell user with absolutely no additional privileges or user interaction required.
The vulnerability targets a logic error within the wireless debugging protocol, potentially leaving millions of modern Android devices vulnerable to “zero-click” takeovers by proximal attackers.
The heart of the issue resides in the adbd_tls_verify_cert function within auth.cpp. According to the bulletin, a logic error in this code facilitates a bypass of wireless ADB (Android Debug Bridge) mutual authentication.
Wireless ADB was designed to be a secure, encrypted way for developers to interact with their devices over a network, utilizing TLS certificates to ensure only authorized computers can connect. However, this critical flaw effectively breaks that handshake, allowing an unauthorized device in proximal or adjacent range to impersonate a trusted workstation.
What makes CVE-2026-0073 particularly dangerous is:
- No Interaction Needed: Unlike traditional phishing or malware, the victim does not need to click a link, accept a prompt, or grant a permission for the exploit to succeed.
- Shell Privileges: Once executed, the attacker gains the permissions of the shell user, providing broad access to device functions and data.
- No Privileges Required: The exploit does not rely on any existing vulnerabilities or elevated settings on the device to function.
The vulnerability is part of Project Mainline, specifically affecting the adbd subcomponent. It impacts a wide range of current Android versions, including:
- Android 14
- Android 15
- Android 16 and 16-qpr2
Google has stated that security patch levels of 2026-05-01 or later address this critical issue. Android users are strongly encouraged to check their settings and apply the latest system updates immediately.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
