CVE-2026-2368
HIGHSeverity by source
AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
AnalysisAI
Lenovo Filez fails to properly validate SSL/TLS certificates, enabling network-positioned attackers to intercept traffic and execute arbitrary code on affected systems. An attacker with the ability to perform man-in-the-middle attacks can exploit this weakness to compromise user devices without authentication. No patch is currently available to remediate this vulnerability.
Technical ContextAI
Classified as CWE-295 (Improper Certificate Validation). An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
Affected ProductsAI
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today