Description
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
Published: 2026-07-16
Score: 7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Update Lenovo Store Windows Application to version 9.0.2930.0514 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
First Time appeared Lenovo
Lenovo app Store
Weaknesses CWE-22
CPEs cpe:2.3:a:lenovo:app_store:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo app Store
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Lenovo App Store
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:45:15.555Z

Reserved: 2026-06-23T19:38:58.369Z

Link: CVE-2026-13103

cve-icon Vulnrichment

Updated: 2026-07-16T17:43:34.276Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')