Description
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
Published: 2026-07-16
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Update Lenovo Legion Zone to version 2.0.26 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
First Time appeared Lenovo
Lenovo app Store
Lenovo legion Zone
Weaknesses CWE-277
CPEs cpe:2.3:a:lenovo:app_store:*:*:windows:*:*:*:*:*
cpe:2.3:a:lenovo:legion_zone:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo app Store
Lenovo legion Zone
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Lenovo App Store Legion Zone
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:51:28.237Z

Reserved: 2026-05-19T19:01:33.092Z

Link: CVE-2026-9046

cve-icon Vulnrichment

Updated: 2026-07-16T17:51:24.803Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-277

    Insecure Inherited Permissions