CVE-2026-0827
Received
Received - Intake
Arbitrary File Write in Lenovo Diagnostics Elevates Privileges
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Lenovo Group Ltd.
Description
Description
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lenovo | diagnostics | * |
| lenovo | vantage | * |
| lenovo | hardwarescanaddin | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage. It occurs during installation or when performing a hardware scan, allowing a local authenticated user to write arbitrary files with elevated privileges.
How can this vulnerability impact me? :
The vulnerability could allow a local authenticated user to perform arbitrary file writes with elevated privileges, potentially leading to unauthorized modification of system files or installation of malicious code.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70