Skip to main content

Lenovo XClarity Integrator CVE-2026-14371

| EUVDEUVD-2026-44978 HIGH
OS Command Injection (CWE-78)
2026-07-16 lenovo GHSA-mh4x-4mfg-2vp2
8.8
CVSS 4.0 · Vendor: lenovo
Share

Severity by source

Vendor (lenovo) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.0 CRITICAL

Authenticated low-priv WAC user (PR:L) with required operator interaction (UI:R); command injection on the gateway pivots to managed hosts, so S:C with full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (lenovo).

CVSS VectorVendor: lenovo

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 17:18 vuln.today
CVE Published
Jul 16, 2026 - 16:49 cve.org
HIGH 8.8

DescriptionCVE.org

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.

AnalysisAI

PowerShell command injection in Lenovo XClarity Integrator for Microsoft Windows Admin Center (versions 5.1.1 and below) running on the WAC Gateway allows an authenticated low-privileged attacker to inject arbitrary PowerShell commands when the plugin establishes remote PowerShell sessions. Successful exploitation yields high-impact code execution that extends beyond the plugin into subsequent systems (managed hosts), with full confidentiality, integrity, and availability compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to WAC Gateway as low-priv user
Delivery
Craft malicious input to XClarity plugin
Exploit
Injection during remote PowerShell command build
Execution
Operator interaction triggers execution
Persist
Arbitrary PowerShell runs on gateway
Impact
Pivot to managed hosts

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated low-privilege account on the Windows Admin Center Gateway (PR:L) plus active operator/user interaction with the plugin (UI:A), and a specific attack requirement/precondition must hold (AT:P) - most plausibly that the XClarity Integrator plugin is installed and a remote PowerShell command flow is being established, which is the exact functionality the description names ('when establishing remote PowerShell commands'). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 base score is 8.8 (High), with vector AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H and high subsequent-system impact (SC:H/SI:H/SA:H), indicating network reach and severe impact but tempered by three real barriers: PR:L (the attacker must already hold a low-privilege WAC account), UI:A (an active user/operator interaction is required), and AT:P (a specific attack requirement/precondition must be met). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged but authenticated user of the Windows Admin Center console supplies crafted input to a Lenovo XClarity Integrator function that builds a remote PowerShell command; when an operator interacts with the affected plugin workflow, the injected payload breaks out of the intended command and executes attacker-chosen PowerShell on the WAC Gateway and reachable managed nodes. No public POC is referenced, and exploitation requires the AT:P precondition and operator interaction to be met.
Remediation Upgrade the Lenovo XClarity Integrator for Microsoft Windows Admin Center plugin to a fixed release above 5.1.1 as published on the Lenovo Product Security advisory (https://pcsupport.lenovo.com/us/en/product_security/home); an exact fixed version number was not included in the provided data and should be confirmed directly from Lenovo's advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Windows Admin Center deployments for XClarity Integrator v5.1.1 and below; restrict plugin access to essential administrators only; enable detailed PowerShell logging on WAC Gateways and managed hosts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy