Description
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
Published: 2026-06-10
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Lenovo’s Android Application, available only on Chinese‑market tablets, permits a website accessed via the device’s built‑in browser to overwrite the system clipboard. The weakness, classified as CWE‑749, allows an attacker to replace user data such as copied passwords or other sensitive information, potentially facilitating phishing or credential harvesting. The impact is limited to data confidentiality and integrity of the clipboard content; it does not grant code execution or widespread system compromise.

Affected Systems

The vulnerability affects the Lenovo Android Application on tablets sold exclusively in the Chinese market. No other Lenovo products or platform versions are listed as impacted. Releases of the application prior to version 7.3.8 are affected.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. No EPSS value is provided, and the vulnerability is not listed in CISA’s KEV catalog, suggesting there is currently no evidence of active exploitation. Attack success requires a user to visit a malicious web page within the built‑in browser; the attacker can then inject a script that writes to the clipboard. The attack vector is local to the device, relying on user interaction with the browser, and does not involve remote code execution or privilege escalation.

Generated by OpenCVE AI on June 10, 2026 at 15:52 UTC.

Remediation

Vendor Solution

Update Lenovo Application for Android to version 7.3.8 or later.


OpenCVE Recommended Actions

  • Update Lenovo Application for Android to version 7.3.8 or later
  • If a patch cannot be applied immediately, avoid using the built‑in browser to visit untrusted sites or disable clipboard overwrite permissions in the application settings
  • Consider installing a third‑party browser that does not expose clipboard modification capabilities

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 16:15:00 +0000

Type | Values Removed | Values Added
Title | | Clipboard Overwrite via Malicious Website in Lenovo Android Application

Wed, 10 Jun 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
First Time appeared | | Lenovo; Lenovo application
Weaknesses | | CWE-749
CPEs | | cpe:2.3:a:lenovo:application:*:*:android:*:*:*:*:*
Vendors & Products | | Lenovo; Lenovo application
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}; cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-06-10T16:04:24.256Z

Reserved: 2026-04-30T16:01:06.878Z

Link: CVE-2026-7516

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T15:16:42.657

Modified: 2026-06-10T15:16:42.657

Link: CVE-2026-7516

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T16:00:07Z

Weaknesses