CVE-2026-0421

MEDIUM

ThinkPad - Privilege Escalation

Title source: llm

Description

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

References (1)

[Various Sources] https://support.lenovo.com/us/en/product_security/LEN-210688

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-252

Status published

Products (4)

Lenovo/ThinkPad L13 Gen 6 2 in 1 BIOS < 1.10

Lenovo/ThinkPad L13 Gen 6 BIOS < 1.10

Lenovo/ThinkPad L14 Gen 6 BIOS < 1.06

Lenovo/ThinkPad L16 Gen 2 BIOS < 1.06

Published Jan 14, 2026

Tracked Since Feb 18, 2026