Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionNVD
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
AnalysisAI
Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.
Technical ContextAI
The affected component is the Lenovo-developed Android Application (CPE: cpe:2.3:a:lenovo:application:*:*:*:*:*:*:*:*) bundled as a built-in browser on Lenovo tablets sold in China. The root cause is classified as CWE-749 (Exposed Dangerous Method or Function), meaning the browser exposes a privileged Android API or JavaScript interface that should not be accessible to untrusted web content - specifically, the ability to write to the Android system clipboard. This class of vulnerability typically arises when a WebView-based application registers a JavaScript bridge or addJavascriptInterface binding that exposes clipboard-write functionality without proper origin validation or permission gating. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A) confirms the attack is network-initiated, low complexity, requires no attacker privileges, but does require active user interaction (the user must navigate to a malicious page).
RemediationAI
The primary remediation is to apply the vendor-released patch per Lenovo's official advisory at https://iknow.lenovo.com.cn/detail/440821; an exact fixed application version was not independently confirmed from the provided data and should be obtained directly from that advisory. Users on affected Lenovo Chinese-market tablets should update the Lenovo Application via the device's system update mechanism or app update channel as instructed by Lenovo. As a compensating control prior to patching, users should avoid using the built-in browser for general web browsing, particularly on untrusted or unknown sites, and instead use a third-party browser (Chrome, Firefox) that does not expose this clipboard interface. Additionally, users should be cautious when pasting clipboard content after browsing - especially for cryptocurrency wallet addresses, passwords, or sensitive URLs - by manually verifying clipboard contents before use. Note that restricting the built-in browser may affect system-level functionality on these tablets if it is used as the default handler for links.
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagemen
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phone
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys ve
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by nav
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ab
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by mak
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external i
Same weakness CWE-749 – Exposed Dangerous Method or Function
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36046
GHSA-wx95-xvqf-3525