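This page aggregates CVEs and security vulnerability information across Lenovo-related products, listing CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include buffer overflows, input validation flaws, cross-site scripting, and path-handling flaws, which in software deployment scenarios can lead to risks such as unexpected behavior, file overwrites, and session compromise.
The listed data is based on public vulnerability information and security advisories and can be used to assess historical exposure and remediation priority.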
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-9045 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges. | [email protected] | 8.5 | 0.10% | 2026-06-10 | 2026-06-17 |
| CVE-2026-8637 | A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges. | [email protected] | 8.5 | 0.13% | 2026-06-10 | 2026-06-17 |
| CVE-2026-7516 | A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents. | [email protected] | 5.1 | 0.17% | 2026-06-10 | 2026-06-17 |
| CVE-2026-6090 | A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges. | [email protected] | 7.3 | 0.11% | 2026-06-10 | 2026-06-17 |
| CVE-2025-10238 | During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM). | [email protected] | 8.4 | 0.12% | 2026-06-10 | 2026-06-17 |
| CVE-2025-10237 | During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions. | [email protected] | 8.4 | 0.08% | 2026-06-10 | 2026-06-17 |
| CVE-2026-6282 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device. | [email protected] | 8.6 | 0.39% | 2026-05-13 | 2026-06-17 |
| CVE-2026-6281 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | [email protected] | 8.7 | 0.45% | 2026-05-13 | 2026-06-17 |
| CVE-2026-4145 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges. | [email protected] | 8.5 | 0.20% | 2026-04-15 | 2026-06-17 |
| CVE-2026-4135 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges. | [email protected] | 5.2 | 0.12% | 2026-04-15 | 2026-06-17 |
| CVE-2026-4134 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges. | [email protected] | 7.0 | 0.11% | 2026-04-15 | 2026-06-17 |
| CVE-2026-1636 | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. | [email protected] | 5.4 | 0.13% | 2026-04-15 | 2026-06-17 |
| CVE-2026-0827 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges. | [email protected] | 6.9 | 0.20% | 2026-04-15 | 2026-06-17 |
| CVE-2026-2640 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. | [email protected] | 6.8 | 0.11% | 2026-03-11 | 2026-06-17 |
| CVE-2026-2368 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code. | [email protected] | 7.5 | 0.13% | 2026-03-11 | 2026-06-17 |
| CVE-2026-1717 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. | [email protected] | 6.8 | 0.14% | 2026-03-11 | 2026-06-17 |
| CVE-2026-1716 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. | [email protected] | 6.9 | 0.15% | 2026-03-11 | 2026-06-17 |
| CVE-2026-1715 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | [email protected] | 6.9 | 0.15% | 2026-03-11 | 2026-06-17 |
| CVE-2026-1653 | A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error. | [email protected] | 6.8 | 0.09% | 2026-03-11 | 2026-06-17 |
| CVE-2026-1652 | A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error. | [email protected] | 6.9 | 0.10% | 2026-03-11 | 2026-06-17 |