{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1068", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2026-01-16T19:33:39.508Z", "datePublished": "2026-03-11T20:20:53.662Z", "dateUpdated": "2026-03-12T16:19:12.229Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "FileZ", "vendor": "Lenovo", "versions": [{"lessThan": "10.12.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Android"], "product": "FileZ", "vendor": "Lenovo", "versions": [{"lessThan": "11.1.0.35", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:filez:*:*:windows:*:*:*:*:*", "versionEndExcluding": "10.12.3.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*", "versionEndExcluding": "11.1.0.35", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.&nbsp;"}], "value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-03-11T20:20:53.662Z"}, "references": [{"url": "https://www.filez.com/securityPolicy"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update&nbsp;Lenovo&nbsp;FileZ&nbsp;Android&nbsp;application to version&nbsp;11.1.0.35&nbsp;or&nbsp;later.&nbsp;"}], "value": "Update\u00a0Lenovo\u00a0FileZ\u00a0Android\u00a0application to version\u00a011.1.0.35\u00a0or\u00a0later."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><p>Update&nbsp;Lenovo&nbsp;FileZ Windows&nbsp;application to version&nbsp;10.12.3.0&nbsp;or&nbsp;later.&nbsp;</p></div></div></div>"}], "value": "Update\u00a0Lenovo\u00a0FileZ Windows\u00a0application to version\u00a010.12.3.0\u00a0or\u00a0later."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0-beta"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:35:53.611265Z", "id": "CVE-2026-1068", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:19:12.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1068", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T15:35:53.611265Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:35:54.256Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "FileZ", "versions": [{"status": "affected", "version": "0", "lessThan": "10.12.3.0", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "FileZ", "versions": [{"status": "affected", "version": "0", "lessThan": "11.1.0.35", "versionType": "custom"}], "platforms": ["Android"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update\u00a0Lenovo\u00a0FileZ\u00a0Android\u00a0application to version\u00a011.1.0.35\u00a0or\u00a0later.", "supportingMedia": [{"type": "text/html", "value": "Update&nbsp;Lenovo&nbsp;FileZ&nbsp;Android&nbsp;application to version&nbsp;11.1.0.35&nbsp;or&nbsp;later.&nbsp;", "base64": false}]}, {"lang": "en", "value": "Update\u00a0Lenovo\u00a0FileZ Windows\u00a0application to version\u00a010.12.3.0\u00a0or\u00a0later.", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><p>Update&nbsp;Lenovo&nbsp;FileZ Windows&nbsp;application to version&nbsp;10.12.3.0&nbsp;or&nbsp;later.&nbsp;</p></div></div></div>", "base64": false}]}], "references": [{"url": "https://www.filez.com/securityPolicy"}], "x_generator": {"engine": "Vulnogram 1.0.0-beta"}, "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.", "supportingMedia": [{"type": "text/html", "value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.&nbsp;", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:filez:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.12.3.0", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.0.35", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-03-11T20:20:53.662Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1068", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:19:12.229Z", "dateReserved": "2026-01-16T19:33:39.508Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2026-03-11T20:20:53.662Z", "assignerShortName": "lenovo"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application."}], "id": "CVE-2026-1068", "lastModified": "2026-03-12T21:08:22.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2026-03-11T21:16:14.137", "references": [{"source": "psirt@lenovo.com", "url": "https://www.filez.com/securityPolicy"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.12.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "FileZ", "source": "cna", "vendor": "Lenovo"}, "product": "filez", "vendor": "lenovo"}, {"configurations": [{"platform": ["android"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,11.1.0.35)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "FileZ", "source": "cna", "vendor": "Lenovo"}, "product": "filez", "vendor": "lenovo"}], "analysis": {"en": {"generated_at": "2026-03-17T14:55:03.533848+00:00", "value": {"mitigation_remediation": ["Update Lenovo FileZ Android to version 11.1.0.35 or newer.", "Update Lenovo FileZ Windows to version 10.12.3.0 or newer."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Lenovo FileZ for both Android and Windows platforms. All installations prior to the patched releases are impacted. The vendor recommends updating the Android client to version\u202f11.1.0.35 or newer and the Windows client to version\u202f10.12.3.0 or newer.", "description_and_impact": "An improper certificate validation vulnerability exists in Lenovo FileZ applications that permits an entity capable of intercepting network traffic to read sensitive user data transmitted by the application. The weakness is identified as CWE\u2011295 (Improper Certificate Validation) and effectively allows the attacker to obtain confidential information such as authentication credentials, session tokens, or other private data stored or sent within the application. This could lead to data compromise for the affected user(s).", "risk_and_exploitability": "The CVSS score of 6 indicates a medium severity risk. The EPSS score is below 1%, indicating a low probability of exploitation in the wild, and the issue is not listed in CISA\u2019s KEV catalog. Exploitation would most likely involve a man\u2011in\u2011the\u2011middle (MITM) attack on the network path, requiring the attacker to intercept traffic between the device and the server. Successful exploitation would allow the intercepting user to view or extract sensitive data, compromising confidentiality for individual users."}}}}, "created": "2026-03-12T09:56:10.259984+00:00", "title": "Improper Certificate Validation in Lenovo FileZ Allows Sensitive Data Interception", "updated": "2026-03-20T15:37:17.288018+00:00", "vendors": ["lenovo", "lenovo$PRODUCT$filez"]}