CVE-2026-4145
Received
Received - Intake
Privilege Escalation via Arbitrary Code Execution in Lenovo Software Fix
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Lenovo Group Ltd.
Description
Description
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lenovo | software_fix | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow an attacker who already has local access and authentication to run code with higher privileges than intended. This could lead to full system compromise, including unauthorized access, modification, or deletion of data.
Can you explain this vulnerability to me?
This vulnerability exists in Lenovo Software Fix and allows a local authenticated user to execute arbitrary code with elevated privileges. It was discovered during an internal security assessment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70