HIGHCVE-2026-6282Published Modified CNA lenovo
CVE-2026-6282: A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
Metrics
- CVSS v4.0
- 8.6
- Severity
- HIGH
- Fixed in
- 5.4.4.x20.1
- Affected Products
- 10
Fix available
5.4.4.x20.15.4.8.t2pro.25.4.8.x1s.25.5.6.t2s.35.5.8.t20.1
Affected packages
- Lenovo / Personal Cloud T2s< 5.5.6.t2s.3 (from 0)
- Lenovo / Personal Cloud T2Pro< 5.4.8.t2pro.2 (from 0)
- Lenovo / Personal Cloud X1s< 5.4.8.x1s.2 (from 0)
- Lenovo / Home Storage Hub T20< 5.5.8.t20.1 (from 0)
- Lenovo / Home Storage Hub X20< 5.4.4.x20.1 (from 0)
- Lenovo / Personal Cloud T1≤ 5.4.0.t1.6
- Lenovo / Personal Cloud A1≤ 5.4.2.a1.3
- Lenovo / Personal Cloud A1s≤ 5.5.6.a1s
- Lenovo / Personal Cloud T2≤ 5.4.5.t2.2
- Lenovo / Personal Cloud X1≤ 5.4.7.x1.1
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:NReferences