CVE-2026-14371
Awaiting Analysis Awaiting Analysis - Queue

PowerShell Command Injection in Lenovo XClarity Integrator for Windows Admin Center

Vulnerability report for CVE-2026-14371, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Lenovo Group Ltd.

Description

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lenovo xclarity_integrator 5.1.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below has a vulnerability where it allows Powershell command injection when establishing remote PowerShell commands through the WAC Gateway.

Detection Guidance

To detect this vulnerability, monitor PowerShell command execution logs for suspicious remote commands initiated by the Lenovo XClarity Integrator plugin. Check WAC Gateway logs for unauthorized PowerShell sessions or commands with unusual parameters. Inspect network traffic for outbound PowerShell connections from the WAC Gateway to remote systems.

Impact Analysis

An attacker could exploit this to execute arbitrary Powershell commands on the affected system, potentially leading to unauthorized access, data theft, or system compromise.

Compliance Impact

The vulnerability allows remote command injection via PowerShell, which could lead to unauthorized access or data exfiltration. This may violate compliance requirements under GDPR (data protection) and HIPAA (health data security) by exposing sensitive information or failing to maintain system integrity.

Mitigation Strategies

Update the Lenovo XClarity Integrator for Windows Admin Center plugin to version 5.1.2 or later to address the Powershell Command Injection vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart