¡¾·ì϶¹«¸æ¡¿Android ADB ÈÏÖ¤ÈÆ¹ý·ì϶(CVE-2026-0073)

°ä²¼¹¦·ò 2026-05-06

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Android ADB ÈÏÖ¤ÈÆ¹ý·ì϶

CVE   ID

CVE-2026-0073

·ì϶ÀàÐÍ

ÈÏÖ¤ÈÆ¹ý

·¢ÏÖ¹¦·ò

2026-5-6

·ì϶ÆÀ·Ö

8.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

¾ÖÓòÍø

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


AndroidÊÇGoogleÍÆ³öµÄÒÆ¶¯²Ù×÷ϵͳ  £¬¿í·ºÀûÓÃÓÚÖÇÄÜÊÖ»ú¡¢Æ½°å¼°Ç¶ÈëʽÉ豸  £¬Ìṩ¸øÓ÷¨Ê½ÖÎÀí¡¢Ó²¼þÇý¶¯¡¢ÏµÍ³°²È«ºÍÍøÂçͨѶְÄÜ  £¬Ö§³Öwireless ADBµ÷ÊÔ¼°Ô¶³ÌÖÎÀí¡£


2026Äê5ÔÂ6ÈÕ  £¬28Ȧ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Android ADBÈÏÖ¤ÈÆ¹ý·ì϶¡£¸Ã·ì϶´æÔÚÓÚplatform/packages/modules/adb/daemon/auth.cppÎļþÖÐ  £¬ÓÉÓÚadbd_tls_verify_certʹÓÃEVP_PKEY_cmpÑéÖ¤¿Í»§¶ËÖ¤Ê鹫ԿʱºöÂÔ¿çËã·¨±ÈÁ¦·µ»ØÖµ  £¬µ¼Ö¹¥»÷Õß¿ÉÔÚÎÞÐèÓû§½»»¥Çé¿öÏÂÈÆ¹ýÉí·ÝÑéÖ¤  £¬Í¨¹ýÌṩ·ÇRSA TLS¿Í»§¶ËÖ¤Êé³ÉΪÊÚȨADB host²¢»ñÈ¡shellÓû§È¨ÏÞ  £¬´Ó¶øÔ¶³Ì½Ó¼ûϵͳµ÷ÊÔ½Ó¿Ú  £¬¶ÁÈ¡Ãô¸ÐÐÅÏ¢¡¢Ö´ÐкÅÁî¡¢Åú¸ÄÅäÖà  £¬¿ÉÄÜÎ¥·´Êý¾Ý±£»¤ºÍÆóÒµ°²È«Õþ²ß  £¬¶Ô»ú¹¹ºÍÓû§°²È«Ôì³ÉÑϳÁÓ°Ïì¡£


¶þ¡¢Ó°ÏìÁìÓò


Android 14 < 2026-05-01°²È«²¹¶¡
Android 15 < 2026-05-01°²È«²¹¶¡
Android 16 < 2026-05-01°²È«²¹¶¡
Android 16-qpr2 < 2026-05-01°²È«²¹¶¡


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


¹Ù·½ÒѰ䲼½¨¸´²¹¶¡  £¬ÒÔ½¨¸´¸Ã·ì϶¡£
×°ÖÃAndroidϵͳ°²È«²¹¶¡2026-05-01»ò¸ü¸ß°æ±¾  £¬È·±£adbd×Ó×é¼þÒѽ¨¸´·ì϶


ÏÂÔØÁ´½Ó£ºhttps://source.android.com/docs/security/bulletin/2026/2026-05-01?hl=zh-cn/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡  £¬Ï÷¼õϵͳ·ì϶  £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
? ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì  £¬Åú¸Ä·À»ðǽսÊõ  £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ  £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø  £¬Ï÷¼õ¹¥»÷Ãæ¡£
? Ê¹ÓÃÆóÒµ¼¶°²È«²úÆ·  £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
? ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí  £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò  £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£
? ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://source.android.com/docs/security/bulletin/2026/2026-05-01?hl=zh-cn/
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/