A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.

Project Subscriptions

Vendors Products
App Store Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update Lenovo Store Windows Application to version 9.0.2930.0514 or later.


Workaround

No workaround given by the vendor.

References
History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
First Time appeared Lenovo
Lenovo app Store
Weaknesses CWE-22
CPEs cpe:2.3:a:lenovo:app_store:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo app Store
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:45:15.555Z

Reserved: 2026-06-23T19:38:58.369Z

Link: CVE-2026-13103

cve-icon Vulnrichment

Updated: 2026-07-16T17:43:34.276Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T18:45:03Z

Weaknesses