Description
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
Published: 2026-03-11
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Local Log File Data Exposure
Action: Apply Patch
AI Analysis

Impact

A local authenticated user on the Lenovo FileZ Android application can retrieve some sensitive data stored in a log file under certain conditions. This vulnerability, identified as CWE‑532, allows access to data that is not intended to be publicly accessible.

Affected Systems

Lenovo FileZ Android application. No specific affected version was listed in the CNA data; the issue applies wherever the application’s log handling is present.

Risk and Exploitability

The overall CVSS score is 2.4, reflecting a low severity. EPSS indicates a very low likelihood of exploitation (<1%), and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local authenticated user, so it is unlikely to be attacked remotely or broadly.

Generated by OpenCVE AI on April 16, 2026 at 09:20 UTC.

Remediation

Vendor Solution

Update FileZ Android application to version 11.1.0.37 or later.

OpenCVE Recommended Actions

  • Update FileZ Android application to version 11.1.0.37 or later.
  • Delete or clear pre‑existing log files that may contain sensitive data.
  • Configure or patch the application to restrict or remove logging of sensitive information.

Generated by OpenCVE AI on April 16, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.filez.com/securityPolicy cve-icon cve-icon
History

Thu, 16 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Local Authenticated User Can Read Sensitive Data from Log File in Lenovo FileZ Android App

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
First Time appeared Lenovo
Lenovo filez
Weaknesses CWE-532
CPEs cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*
Vendors & Products Lenovo
Lenovo filez
References
Metrics cvssV3_1

{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 2.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Lenovo Filez
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-03-12T16:19:19.144Z

Reserved: 2025-12-16T22:08:55.203Z

Link: CVE-2026-0520

cve-icon Vulnrichment

Updated: 2026-03-12T15:35:55.606Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T21:16:13.683

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-0520

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses