CVE-2026-27115 is a path traversal vulnerability categorized under CWE-22 and CWE-73 affecting Alex4SSB's ADB Explorer, a Windows-based fluent UI for ADB. Versions 0.9.26020 and earlier improperly handle an optional command-line argument that specifies a custom data directory. The application only verifies the existence of the provided path but does not validate or sanitize it to restrict it within a safe directory boundary. The ClearDrag() method recursively deletes all subdirectories within the specified directory by calling Directory.Delete(dir, true) during application startup and exit. An attacker can exploit this by crafting a malicious shortcut (.lnk) or batch script that launches ADB Explorer with a critical system or user directory (e.g., C:\Users\%USERNAME%\Documents) as the argument. When a user runs this crafted shortcut, the application recursively deletes all subdirectories under the targeted directory, permanently removing data without sending it to the Recycle Bin. This vulnerability requires user interaction but no elevated privileges or authentication. The flaw can lead to significant data loss and disruption of user or system operations. The vendor has addressed this issue in version 0.9.26021 by presumably adding proper validation or restricting directory deletion scope. No known exploits have been reported in the wild as of the publication date.

The primary impact of this vulnerability is the permanent loss of data due to recursive deletion of arbitrary directories on affected Windows systems. This affects data integrity and availability severely, as critical user or system files can be deleted without recovery options like the Recycle Bin. Organizations relying on ADB Explorer for Android device management on Windows may face operational disruptions, loss of important documents, or configuration files if users inadvertently execute malicious shortcuts or scripts. The attack vector requires user interaction, limiting remote exploitation but increasing risk from social engineering or insider threats. The lack of privilege requirements means any user on the system can be targeted, potentially leading to widespread data loss on shared machines. Although confidentiality is not directly impacted, the destruction of data can cause significant business continuity issues, loss of productivity, and potential compliance violations if critical data is destroyed. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments where ADB Explorer is widely deployed.

1. Immediately update ADB Explorer to version 0.9.26021 or later, where the vulnerability is fixed. 2. Educate users to avoid launching ADB Explorer via untrusted shortcuts, batch files, or scripts, especially those received from unknown or unverified sources. 3. Implement application whitelisting and restrict execution of unauthorized scripts or shortcuts that invoke ADB Explorer. 4. Use endpoint protection solutions to detect and block suspicious file deletions or abnormal process behaviors related to ADB Explorer. 5. Regularly back up critical user and system data to enable recovery in case of accidental or malicious deletion. 6. Employ Windows file system permissions to limit user ability to delete critical directories or subdirectories where feasible. 7. Monitor logs for unusual ADB Explorer startup or exit events that may indicate exploitation attempts. 8. Consider sandboxing or running ADB Explorer with least privilege to reduce potential damage scope. These steps go beyond generic advice by focusing on user behavior, execution control, and proactive detection tailored to this specific deletion vulnerability.