Skip to main content

Secure Boot CVE-2026-0421

MEDIUM
Unchecked Return Value (CWE-252)
2026-01-14 psirt@lenovo.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 14, 2026 - 23:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

AnalysisAI

Secure Boot bypass in iOS allows local privileged users to disable Secure Boot protections even when explicitly configured as enabled in BIOS, affecting systems with Secure Boot set to User Mode. An attacker with high-level system access and user interaction can circumvent boot-time security protections, potentially enabling unsigned code execution. No patch is currently available for this medium-severity vulnerability.

Technical ContextAI

Classified as CWE-252 (Unchecked Return Value). A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Affected ProductsAI

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boo

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-0421 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy