HarborGuard Database
CVE-2026-6090 | Severity: HIGH | CNA: Lenovo

CVE-2026-6090: A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges

Metrics

CVSS v4.0: 7.3 (HIGH)
Fixed in: 09.0.2.003.000
Affected products: 1


HarborGuard Analysis

Synopsis

Authentication bypass in Lenovo Smart Connect for Windows allows a local, low-privileged user to execute arbitrary code with elevated privileges. The attacker needs an existing foothold on the host (a shell or process running as any local account); no network path to the target is required, but the vector's AT:P metric means specific pre-existing conditions on the target system must hold, so the exploit is situational rather than unconditionally reliable. Successful exploitation yields code execution in the elevated context, with high impact to the confidentiality, integrity and availability of the host itself (VC:H/VI:H/VA:H); no impact on subsequent systems is scored (SC:N/SI:N/SA:N). A patched-image rebuild at version 09.0.2.003.000 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle Lenovo Smart Connect for Windows. Any image carrying a version below 09.0.2.003.000 is flagged automatically.

Triage (Available)

HarborGuard scores this finding at CVSS 7.3 (HIGH) and can apply per-environment compliance policy weighting to prioritize or escalate accordingly. Findings are routed to the appropriate team inbox within each customer organization based on configured policy rules.

Patch (Available)

A patched-image rebuild at version 09.0.2.003.000 becomes available for scanning environments that carry an affected version of Lenovo Smart Connect. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required (AV:L)

    The attacker needs an existing shell or process on the host; no network path to the target is required.

  • Authentication: Required (PR:L)

    Any low-privilege local account is sufficient; no administrator or specially provisioned credentials are needed beyond basic system access.

  • Victim interaction: Not required (UI:N)

    No action from another user or victim is needed to trigger the vulnerability.

  • Attack requirements: Present (AC:L, AT:P)

    Attack complexity itself is scored Low, but the vector's AT:P metric means specific pre-existing conditions on the target system must be met, such as a particular configuration state or timing window, making the exploit situationally dependent rather than unconditionally reliable.

Blast Radius

  • Reads sensitive data accessible to the elevated process, including credentials, configuration secrets, and user files.
  • Modifies or overwrites application data and system files under the elevated privilege context.
  • Crashes or disrupts the affected service, causing denial of availability for users of Lenovo Smart Connect on the host.
  • Gains a persistent elevated execution context that can be used as a pivot point for further actions on the same host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-6090 is active and matches any image containing Lenovo Smart Connect below version 09.0.2.003.000. For customers who opt into auto-remediation, a rebuilt image at the fixed version (09.0.2.003.000) is generated, a regression test suite is run against it, and a pull request is opened against affected workloads. For HIGH-severity issues, the median time from CVE publication to merged patch PR in environments with auto-remediation enabled is around 90 minutes. Where compliance policy does not permit auto-remediation, the finding appears in the triage queue with CVSS scoring and policy-weighted priority so the responsible team can act manually. Because this is a local privilege escalation that requires a foothold as a low-privileged account, the compensating controls that reduce exposure while a patch is staged are those that limit who can run code on hosts carrying Lenovo Smart Connect: restricting local and remote interactive logon to those hosts, enforcing least-privilege process and application-control policies, and restricting which images bundling the package are permitted to run with elevated OS capabilities.


Fix available: 09.0.2.003.000

Affected packages
  • Lenovo / Smart Connect: < 09.0.2.003.000 (from 0)

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
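As an added example (not HarborGuard's or Lenovo's code), the script below turns the two machine-readable fields on this page, the CVSS v4.0 vector and the affected range "< 09.0.2.003.000 (from 0)", into checks a scanner or triage script can run. It validates the vector and derives the Exploit Conditions checklist above from it, and it compares installed version strings numerically so that a zero-padded Lenovo version and its unpadded form ("9.0.2.3") land on the same side of the fix boundary, which a plain string comparison would not guarantee. The inventory records and host names are constructed sample data.

```python
"""Derive exploit conditions from a CVSS v4.0 vector and flag affected versions.

Added example; the inventory below is constructed sample data, not real hosts.
"""
import re

# CVSS v4.0 base metrics and their permitted single-letter values (FIRST spec).
BASE_METRICS = {
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}


def parse_cvss4(vector):
    """Validate a CVSS v4.0 vector string and return {metric: value}."""
    if not vector.startswith("CVSS:4.0/"):
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for part in vector.split("/")[1:]:
        m = re.fullmatch(r"([A-Z]{1,3}):([A-Z])", part)
        if not m:
            raise ValueError(f"malformed metric {part!r}")
        key, val = m.groups()
        if key in metrics:
            raise ValueError(f"duplicate metric {key}")
        if key in BASE_METRICS and val not in BASE_METRICS[key]:
            raise ValueError(f"invalid value {val!r} for {key}")
        metrics[key] = val
    missing = [k for k in BASE_METRICS if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def exploit_conditions(metrics):
    """Map base metrics onto the advisory's checklist.

    AV:L/P -> no network path needed; PR != N -> a foothold account is needed;
    UI:N -> no victim action; AT:P -> preconditions on the target must hold;
    SC/SI/SA all N -> impact stays on the vulnerable host.
    """
    return {
        "network_reachability": "Required" if metrics["AV"] in "NA" else "Not required",
        "authentication": "Not required" if metrics["PR"] == "N" else "Required",
        "victim_interaction": "Not required" if metrics["UI"] == "N" else "Required",
        "attack_requirements": "Present" if metrics["AT"] == "P" else "None",
        "subsequent_system_impact": any(metrics[k] != "N" for k in ("SC", "SI", "SA")),
    }


def version_key(version):
    """Numeric tuple for a dotted version: '09.0.2.003.000' == '9.0.2.3'.

    Components are compared as integers so zero padding is irrelevant, and
    trailing zero components are dropped so component counts may differ.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unparseable version {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version, fixed="09.0.2.003.000", introduced="0"):
    """Affected range as published: introduced <= installed < fixed."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


# Constructed sample inventory: (host name, installed Smart Connect version).
INVENTORY = [
    ("LT-0412", "09.0.1.004.000"),   # older build: affected
    ("LT-0418", "9.0.2.3"),          # fixed build reported without padding
    ("LT-0420", "09.0.2.003.000"),   # fixed build as Lenovo writes it
    ("LT-0431", "10.0.0.001.000"),   # newer build: not affected
]

VECTOR = "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"


def affected_hosts(inventory=INVENTORY):
    """Return the hosts whose installed version falls inside the affected range."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for name, value in exploit_conditions(parse_cvss4(VECTOR)).items():
        print(f"{name:26} {value}")
    print("affected hosts:", affected_hosts())
```

Only LT-0412 is reported as affected: the two spellings of the fixed version compare equal, and the newer build sorts above the boundary. Feeding an unparseable version string raises rather than silently treating the host as clean, which is the safer failure mode for an inventory check.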