Home / Vulnerability Intelligence / CVE-2026-0827

CVE-2026-0827 - Vulnerability Analysis

HighCVSS: 7.1

Last Updated: April 15, 2026

Lenovo Vantage - Arbitrary File Write

Published: April 15, 2026Updated: April 15, 2026PoC Available

Overview

Lenovo Diagnostics and HardwareScanAddin in Lenovo Vantage contain an arbitrary file write vulnerability caused by improper handling during installation or hardware scan, letting local authenticated users write files with elevated privileges.

Severity & Score

Severity: High

CVSS Score: 7.1

Impact

Local authenticated users can write arbitrary files with elevated privileges, potentially leading to full system compromise.

Mitigation

Update Lenovo Diagnostics and HardwareScanAddin to the latest available versions.

References

https://support.lenovo.com/us/en/product_security/LEN-210693

Related Resources

Details

CVE ID: CVE-2026-0827
Severity: High
CVSS Score: 7.1
Type: file_inclusion
Status: new

CWE

CWE-59

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H