CVE-2026-0827

HIGH

Lenovo Diagnostics < 5.26.0 - Arbitrary File Write

Title source: rule

Description

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Exploits (1)

nomisec WORKING POC 1 stars

by ZeroMemoryEx · poc

https://github.com/ZeroMemoryEx/CVE-2026-0827

View Code ZIP pw:eip

References (1)

https://support.lenovo.com/us/en/product_security/LEN-210693

Scores

CVSS v3 7.1

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-59

Status published

Products (2)

Lenovo/Diagnostics < 5.26.0

Lenovo/Vantage < 4.7.1.4

Published Apr 15, 2026

Tracked Since Apr 15, 2026