Google introduced on Monday the discharge of an Android replace patching a crucial vulnerability that may be exploited for distant code execution.
The flaw, tracked as CVE-2026-0073, impacts Android’s System part, permitting an attacker to use it to execute code because the shell person with out extra execution privileges. Person interplay will not be required for exploitation.
The advisory reveals that the difficulty impacts ‘adbd’ (Android Debug Bridge daemon), a background course of working on Android units that manages communication between the machine and a pc, facilitating debugging and shell entry.
Google has knowledgeable customers that no patches have been launched this month for Put on OS, Pixel Watch, Android XR, and Android Automotive.
There is no such thing as a indication that CVE-2026-0073 has been exploited in malicious assaults.
Just one Android vulnerability patched this 12 months has been flagged as exploited within the wild.
A number of flaws have been exploited in assaults final 12 months, together with CVE-2024-43093, CVE-2024-50302, CVE‑2025‑27038, CVE-2025-48543, and CVE-2025-38352.
Google introduced final week that it has considerably elevated most bug bounty payouts for Android machine vulnerabilities, providing as much as $1.5 million for a zero-click Pixel Titan M exploit with persistence.
