{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0827", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2026-01-09T19:19:57.946Z", "datePublished": "2026-04-15T12:27:45.354Z", "dateUpdated": "2026-04-15T13:48:06.089Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Diagnostics", "vendor": "Lenovo", "versions": [{"lessThan": "5.26.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "HardwareScanAddin", "product": "Vantage", "vendor": "Lenovo", "versions": [{"lessThan": "4.7.1.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.26.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.7.1.4", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Anas Hadane for subsequently reporting this vulnerability."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."}], "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-04-15T12:27:45.354Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-210693"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo Diagnostics to version 5.26.0 or later.</span>\n\n<br>"}], "value": "Update Lenovo Diagnostics to version 5.26.0 or later."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.<br>"}], "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.3.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T13:46:44.833174Z", "id": "CVE-2026-0827", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:48:06.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T13:46:44.833174Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:46:37.238Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Anas Hadane for subsequently reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "Diagnostics", "versions": [{"status": "affected", "version": "0", "lessThan": "5.26.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Vantage", "versions": [{"status": "affected", "version": "0", "lessThan": "4.7.1.4", "versionType": "custom"}], "packageName": "HardwareScanAddin", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Lenovo Diagnostics to version 5.26.0 or later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo Diagnostics to version 5.26.0 or later.</span>\n\n<br>", "base64": false}]}, {"lang": "en", "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.", "supportingMedia": [{"type": "text/html", "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.<br>", "base64": false}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-210693"}], "x_generator": {"engine": "Vulnogram 0.3.0"}, "descriptions": [{"lang": "en", "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.", "supportingMedia": [{"type": "text/html", "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.26.0", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.7.1.4", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-04-15T12:27:45.354Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0827", "state": "PUBLISHED", "dateUpdated": "2026-04-15T13:48:06.089Z", "dateReserved": "2026-01-09T19:19:57.946Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2026-04-15T12:27:45.354Z", "assignerShortName": "lenovo"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."}], "id": "CVE-2026-0827", "lastModified": "2026-04-15T13:16:23.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2026-04-15T13:16:23.097", "references": [{"source": "psirt@lenovo.com", "url": "https://support.lenovo.com/us/en/product_security/LEN-210693"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.26.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Diagnostics", "source": "cna", "vendor": "Lenovo"}, "product": "diagnostics", "vendor": "lenovo"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.7.1.4)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Vantage", "source": "cna", "vendor": "Lenovo"}, "product": "vantage", "vendor": "lenovo"}], "analysis": {"en": {"generated_at": "2026-04-15T13:21:51.702777+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch by updating Lenovo Diagnostics to version\u202f5.26.0 or later.", "Upgrade Lenovo Vantage and Commercial Vantage HardwareScanAddin to version\u202f4.7.1.4 or later; the add\u2011in is updated automatically when Vantage is updated.", "Limit installation and use of Lenovo Diagnostics and Vantage to trusted users only, ensuring that only authorized personnel can install or run the software."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation via Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "The affected products are Lenovo Diagnostics and Lenovo Vantage, including the HardwareScanAddin component. Versions prior to Diagnostics\u202f5.26.0 and to Vantage and Commercial Vantage HardwareScanAddin\u202f4.7.1.4 are susceptible. All newer builds that incorporate the listed updates are not vulnerable.", "description_and_impact": "A vulnerability in Lenovo Diagnostics and the HardwareScanAddin used by Lenovo Vantage permits a local authenticated user to perform an arbitrary file write with elevated privileges during installation or hardware scan operations. This flaw enables modification of system files, potentially replacing binaries, altering configuration files, or injecting malicious code, thereby allowing the attacker to elevate privileges. The weakness is an instance of improper path validation, as classified by CWE\u201159.", "risk_and_exploitability": "The CVSS base score is 6.9, indicating medium severity. No EPSS score is available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. It requires a local authenticated user with installation or scanning privileges, so the attack vector is inferred to be local. Given the potential for privilege escalation, the overall risk remains moderate to high depending on the environment."}}}}, "created": "2026-04-15T13:38:17.784661+00:00", "title": "Local Privilege Escalation via Arbitrary File Write in Lenovo Diagnostics and Vantage", "updated": "2026-04-15T13:38:28.753031+00:00", "vendors": ["lenovo", "lenovo$PRODUCT$diagnostics", "lenovo$PRODUCT$vantage"]}