Improper Certificate Validation in Lenovo Filez Application
CVE-2026-1068

6MEDIUM

Key Information:

Vendor

Lenovo
Status
Filez
Vendor
CVE Published:
11 March 2026

What is CVE-2026-1068?

An improper certificate validation vulnerability in the Lenovo Filez application could potentially allow attackers to intercept network traffic. This flaw enables an adversary to access sensitive user data exchanged during communication sessions, posing a significant risk to user privacy and data integrity.

Affected Version(s)

FileZ Android 0 < 11.1.0.35

FileZ Windows 0 < 10.12.3.0

References

https://www.filez.com/securityPolicy

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.