CVE-2026-27115 is a path traversal vulnerability classified under CWE-22 and CWE-73 affecting Alex4SSB's ADB-Explorer, a Windows-based fluent UI for Android Debug Bridge (ADB). Versions 0.9.26020 and earlier improperly validate an optional command-line argument that specifies a custom data directory. The application only verifies the existence of the directory path but does not sanitize or restrict it, allowing an attacker to specify any directory on the Windows filesystem. The ClearDrag() method recursively deletes all subdirectories within the specified path at both application startup and exit by invoking Directory.Delete(dir, true). An attacker can exploit this by crafting a malicious shortcut (.lnk) or batch script that launches ADB-Explorer with a critical system or user directory (e.g., C:\Users\%USERNAME%\Documents) as the argument. When a user executes this shortcut or script, the application recursively deletes all subdirectories within the targeted directory, bypassing the Recycle Bin and causing irreversible data loss. The vulnerability requires local user interaction to trigger but does not require elevated privileges or authentication. No known exploits are reported in the wild as of publication. The issue was resolved in version 0.9.26021 by implementing proper validation and restrictions on the path argument to prevent arbitrary directory deletion.

This vulnerability can lead to severe data loss and disruption for affected users. Organizations relying on ADB-Explorer for Android development or device management on Windows systems risk permanent deletion of critical user or system data if a malicious shortcut or script is executed. The impact includes loss of important documents, configuration files, and potentially system instability if system directories are targeted. Since the deletion bypasses the Recycle Bin, recovery is difficult without backups. This can result in operational downtime, loss of productivity, and potential financial costs associated with data recovery efforts. Although exploitation requires local user interaction, social engineering or insider threats could facilitate triggering the vulnerability. The integrity and availability of data are directly compromised, but confidentiality is not affected. The vulnerability poses a significant risk especially in environments where users frequently run third-party scripts or shortcuts without verification.

The primary mitigation is to upgrade ADB-Explorer to version 0.9.26021 or later, where the vulnerability is fixed. Until upgrading, organizations should implement strict controls on execution of shortcuts and scripts, especially those that launch ADB-Explorer with command-line arguments. Employ application whitelisting and restrict user permissions to prevent unauthorized creation or execution of malicious shortcuts. Educate users about the risks of running untrusted scripts or shortcuts. Implement endpoint detection and response (EDR) solutions to monitor for suspicious deletion activities initiated by ADB-Explorer. Regularly back up important data and verify backup integrity to enable recovery from accidental or malicious deletions. Additionally, consider sandboxing or running ADB-Explorer in a controlled environment to limit filesystem access. Review and audit usage of ADB-Explorer in organizational environments to identify and remediate vulnerable installations.