HIGHCVE-2026-0940Published Modified CNA lenovo
CVE-2026-0940: A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
Metrics
- CVSS v4.0
- 8.4
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 8
Affected packages
- Lenovo / ThinkPad T14 Gen 5 BIOS≤ 1.17
- Lenovo / ThinkPad P14s Gen 5 BIOS≤ 1.17
- Lenovo / ThinkPad Z13 Gen 2 BIOS≤ 1.37
- Lenovo / ThinkPad Z16 Gen 2 BIOS≤ 1.37
- Lenovo / ThinkPad P16v Gen 1 BIOS≤ 1.62
- Lenovo / ThinkPad P15v Gen 3 BIOS≤ 1.28
- Lenovo / ThinkPad Z13 Gen 1 BIOS≤ 1.76
- Lenovo / ThinkPad Z16 Gen 1 BIOS≤ 1.76
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences