CVE-2026-13103
Deferred Deferred - Pending Action

Path Traversal in Lenovo App Store

Vulnerability report for CVE-2026-13103, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Lenovo Group Ltd.

Description

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lenovo app_store *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal issue in Lenovo App Store, which is only distributed in the Chinese market. It allows a local authenticated user to execute arbitrary code by exploiting improper path validation.

Impact Analysis

If exploited, this vulnerability could let an attacker run malicious code on your system with the same privileges as the affected application. This may lead to unauthorized data access, system compromise, or further network infiltration.

Compliance Impact

The vulnerability involves a path traversal issue in Lenovo App Store that could allow local authenticated users to execute arbitrary code. This type of vulnerability may lead to unauthorized access or data exfiltration, which could impact compliance with standards like GDPR or HIPAA if sensitive data is involved. However, the provided context does not specify the data types or environments affected, so the exact compliance impact cannot be determined.

Mitigation Strategies

Update Lenovo App Store to the latest version if an update is available. Remove or disable the application if it is not required. Restrict local user permissions to minimize potential impact.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13103. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart