Skip to content
Threat Feed
high threat exploited

CVE-2026-13104: Privilege Escalation in Lenovo App Store (Chinese Market)

A high-severity vulnerability, CVE-2026-13104, has been identified in specific versions of the Lenovo App Store, exclusively distributed in the Chinese market, which allows a local authenticated user to execute arbitrary code with elevated privileges, potentially leading to full system compromise.

A significant privilege escalation vulnerability, tracked as CVE-2026-13104, has been reported in the Lenovo App Store application. This application is distributed exclusively within the Chinese market. The flaw allows a local authenticated user to execute arbitrary code with elevated privileges, effectively granting the attacker higher system permissions than their standard user account. With a CVSS v3.1 base score of 7.3 (High), this vulnerability poses a substantial risk to systems running the affected software. While details about the exact exploitation mechanism are limited, the vulnerability stems from "Execution with Unnecessary Privileges" (CWE-250), indicating that the application performs actions with more permissions than required, which an attacker can abuse. There is no public information indicating active exploitation of this vulnerability in the wild at this time, but the potential for a local attacker to escalate privileges is a serious concern.

Attack Chain

  1. A local attacker gains authenticated access to a system running the vulnerable Lenovo App Store. This could be through a standard user account.
  2. The attacker identifies the presence of the vulnerable Lenovo App Store version (less than 9.0.2930.0514) on the system.
  3. The attacker leverages the underlying privilege escalation vulnerability (CWE-250) within the Lenovo App Store application.
  4. The vulnerability is triggered by a local authenticated user interacting with a specific component or function of the App Store that executes code with unnecessary elevated privileges.
  5. This interaction causes the vulnerable application to execute attacker-controlled arbitrary code.
  6. The arbitrary code execution occurs with the elevated privileges of the Lenovo App Store process, which are higher than the attacker's original user privileges.
  7. The attacker gains elevated access to the local system, allowing for further malicious activities such as installing persistent backdoors, modifying system configurations, or accessing sensitive data typically restricted to administrative users.

Impact

Successful exploitation of CVE-2026-13104 could lead to a complete compromise of the affected system. A local authenticated user could elevate their privileges, effectively gaining administrative control. This would allow an attacker to install malware, modify or delete critical system files, exfiltrate sensitive user data, or establish persistence mechanisms that could survive system reboots. While the vulnerability is limited to the Lenovo App Store distributed exclusively in the Chinese market, any system within that region running the vulnerable software is at risk. There is no information on observed victims or specific sectors targeted, but the impact could be severe for individual users and organizations using affected Lenovo devices.

Recommendation

  • Immediately update the Lenovo App Store to version 9.0.2930.0514 or later to remediate CVE-2026-13104. Refer to the Lenovo advisory at https://iknow.lenovo.com.cn/detail/441419 for official patching instructions.