CVE-2026-9045: During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: 1.0.9
- Affected Products: 1
HarborGuard Analysis
Synopsis
A local privilege escalation vulnerability affects Lenovo Accessories and Display Manager for Enterprise for Windows. An attacker with a low-privilege local account can exploit this flaw without any network access or victim interaction to execute arbitrary code with elevated privileges on the host. A patched-image rebuild at version 1.0.9 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images and pipelines, including custom-built images that bundle Lenovo Accessories and Display Manager for Enterprise.
Available
HarborGuard is capable of scoring this CVE at CVSS 8.5 (High) and weighting findings against each customer environment's compliance policy to surface the right severity level for the right team. Triage routing is available to direct findings to the appropriate inbox within each customer organization.
Available
A patched-image rebuild at version 1.0.9 is available on HarborGuard for environments where an affected version is detected. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run regression tests, and open a PR against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network path to the target is required.
- Authentication: Required
  Any low-privilege local account is sufficient to attempt exploitation; no administrative credentials are needed.
- Victim interaction: Not required
  The exploit completes without requiring any action from another user on the system.
- Attack complexity
  The exploit is reliable and condition-free; no race conditions, specific memory layouts, or environmental factors need to be in place.
Blast Radius
- A successful attacker executes arbitrary code with elevated privileges on the affected Windows host.
- The attacker gains full read access to confidential data stored on the system, including files and credentials accessible at elevated privilege levels.
- The attacker can modify or delete files, configurations, and other persisted data on the host.
- The attacker can crash or disrupt services running on the affected machine.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image containing an affected version of Lenovo Accessories and Display Manager for Enterprise. Where compliance policy permits, the CVSS 8.5 High severity rating triggers priority triage routing to the relevant team. For customers who opt into auto-remediation, HarborGuard can rebuild the image at version 1.0.9, run a regression test suite, and open a PR against affected workloads; for high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Customers who manage remediation manually can act on the pinned fix version surfaced in the finding detail.
- Lenovo / Accessories and Display Manager for Enterprise: < 1.0.9 (from 0)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N