CVE-2026-10587
Awaiting Analysis Awaiting Analysis - Queue

Out-of-Bounds Write in Lenovo System Management Mode

Vulnerability report for CVE-2026-10587, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Lenovo Group Ltd.

Description

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds write issue in System Management Mode that could let a local privileged attacker modify power management settings. It may allow unauthorized changes to critical system functions.

Impact Analysis

A successful exploit could lead to system instability, unauthorized power state changes, or potential denial of service. It requires local privileged access, limiting remote exploitation risk.

Compliance Impact

This vulnerability allows a local privileged attacker to modify power management settings in System Management Mode, which could lead to unauthorized system changes. Such unauthorized modifications may impact data integrity and availability, potentially violating compliance requirements under GDPR (data integrity and availability principles) and HIPAA (integrity and availability of protected health information).

Mitigation Strategies

Apply the latest firmware updates from Lenovo to address the out-of-bounds write vulnerability in System Management Mode. Monitor Lenovo's security advisories for patches and ensure power management settings are reviewed for unauthorized modifications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10587. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart