A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.

Project Subscriptions

Vendors Products
App Store Subscribe
Legion Zone Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update Lenovo Legion Zone to version 2.0.26 or later.


Workaround

No workaround given by the vendor.

References
History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
First Time appeared Lenovo
Lenovo app Store
Lenovo legion Zone
Weaknesses CWE-277
CPEs cpe:2.3:a:lenovo:app_store:*:*:windows:*:*:*:*:*
cpe:2.3:a:lenovo:legion_zone:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo app Store
Lenovo legion Zone
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:51:28.237Z

Reserved: 2026-05-19T19:01:33.092Z

Link: CVE-2026-9046

cve-icon Vulnrichment

Updated: 2026-07-16T17:51:24.803Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T19:00:04Z

Weaknesses