CVE-2026-10589
Awaiting Analysis Awaiting Analysis - Queue

System Management Mode Code Execution Vulnerability in Lenovo Systems

Vulnerability report for CVE-2026-10589, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Lenovo Group Ltd.

Description

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is a potential out of bounds write vulnerability that could allow a local privileged attacker to execute code in System Management Mode. This means an attacker with local access and elevated privileges might exploit this flaw to run unauthorized code at a very low system level.

Detection Guidance

Detection methods are not specified in the provided CVE details. Check Lenovo's official advisories or security bulletins for potential detection tools or commands.

Impact Analysis

If exploited, this vulnerability could let an attacker gain control over critical system functions, potentially leading to data theft, system instability, or unauthorized access to sensitive information. Since it affects System Management Mode, it may bypass normal security controls.

Compliance Impact

The vulnerability allows local privileged attackers to execute code in System Management Mode, which could lead to unauthorized system access or data manipulation. This may impact compliance with standards requiring strict access controls and data integrity, such as GDPR or HIPAA, by potentially enabling data breaches or unauthorized modifications.

Mitigation Strategies

Apply patches or updates from Lenovo as soon as they become available. Monitor Lenovo's PSIRT page for official mitigation guidance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart