Lenovo disclosed CVE-2026-13103, a path traversal vulnerability in its China-only App Store that could let a local authenticated user run arbitrary code. The flaw is rated high severity with CVSS 7.3 and affects versions before 9.0.2930.0514 on Windows.

A local authenticated user could execute arbitrary code.
This marks the first public record for the vulnerability.
Tap a lens to see what this story means for you.
Reader-supported · The Brief
Liked this? The Brief brings you the whole day in tech, verified, every morning. Two minutes, free forever.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
CISA added the Fortinet FortiSandbox OS command injection vulnerability CVE-2026-39808 to its Known Exploited Vulnerabilities catalog on 2026-07-16. Federal agencies have until 2026-07-19 to apply vendor mitigations under BOD 26-04 or discontinue use if patches are unavailable.
TSMC posted a 77.4% year-on-year profit increase to NT$706.56 billion and raised its capital spending outlook while announcing another $100 billion for Arizona fabs. The results underscore sustained AI demand that now dominates 66% of its platform revenue.
ChangXin Memory Technologies expects to raise 57.9 billion yuan ($8.55 billion) in its Shanghai STAR Market IPO after doubling its original target. The world's fourth-largest DRAM chipmaker will list on July 27, advancing China's push for semiconductor self-reliance.