### Vulnerability Key Information #### Vulnerability Overview - **Vulnerability Type**: Insecure Deserialization leading to Remote Code Execution (RCE) - **Source**: ADB Explorer - **Vulnerability ID**: GHSA-49qx-wpxj-p4mh - **CVE ID**: CVE-2026-26208 - **Severity**: High (Score: 7.8/10) #### Affected Versions - **Affected Versions**: Beta 0.9.26020 #### Detailed Description - **Root Cause**: ADB Explorer uses `Newtonsoft.Json` to deserialize the `App.txt` configuration file with `TypeNameHandling` set to `Objects`, allowing attackers to craft a malicious JSON file containing a gadget chain. - **Problematic Code Snippet**: ```csharp private static readonly JsonSerializerSettings JsonSettings = new() { TypeNameHandling = TypeNameHandling.Objects }; var j0bj = JsonConvert.DeserializeObject(keyValue[1], JsonSettings); ``` - **PoC Steps**: 1. Create a directory named `MaliciousConfig`. 2. Inside the directory, create an `App.txt` file containing malicious content. 3. Launch ADB Explorer pointing to this directory. 4. Upon closing the application, `calc.exe` will be executed. #### Impact - Attackers can exploit this vulnerability to execute arbitrary code on the target machine, with privileges equivalent to the user running ADB Explorer.