Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local authenticated low-privilege access (AV:L/PR:L) with required user interaction (UI:R) yielding full code execution, so high C/I/A and unchanged scope.
Primary rating from Vendor (lenovo).
CVSS VectorVendor: lenovo
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
AnalysisAI
Local code execution in Lenovo App Store (Chinese-market distribution only) lets an authenticated local user abuse a path traversal weakness to write or load files outside intended directories and run arbitrary code. The flaw was self-reported by Lenovo and carries a CVSS 4.0 base score of 7.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local authenticated account on a device running the Chinese-market Lenovo App Store client (AV:L, PR:L), plus user interaction (UI:P) - the victim must be induced to perform an action such as confirming or triggering an install/resource operation that the client then processes. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent and point to a moderate, not critical, real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged but authenticated user (or malware running in that user's context) on a Chinese-market Lenovo device crafts a package or resource with an embedded traversal path and induces the App Store client to process it, for example by getting the victim to open or confirm a malicious install prompt (UI:P). The traversal writes an executable payload to a location the client later runs, yielding arbitrary code execution on the local host. … |
| Remediation | Update the Lenovo App Store client to the fixed release per Lenovo's advisory at https://iknow.lenovo.com.cn/detail/441419; an exact patched version number is not included in the provided data, so treat the vendor advisory as the source of the specific fix build and apply the latest available client version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Lenovo devices running the App Store in Chinese markets and assess operational dependency on this application. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with eleva
Local code execution in Lenovo Legion Zone and the Lenovo App Store (China-market Windows builds) allows an authenticate
Local privilege escalation to arbitrary code execution affects Lenovo App Store, a software-distribution client shipped
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to ex
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44976
GHSA-v9mr-vw95-5jgv