Lenovo Filez App Allows Malicious Code Execution via Man-in-the-Middle Attack

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Lenovo Filez App Allows Malicious Code Execution via Man-in-the-Middle Attack

CVE-2026-2368

Summary

A security weakness in Lenovo's Filez application can permit an attacker to execute unauthorized code if they intercept your internet traffic. This could lead to data theft or other malicious activities. Lenovo has likely addressed this issue in a software update, so it's essential to stay up-to-date with the latest version of the application.

Original title

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.

Original description

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.

nvd CVSS3.1 7.1

nvd CVSS4.0 7.5

Vulnerability type

CWE-295 Improper Certificate Validation

https://www.filez.com/securityPolicy

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026