Skip to main content

Lenovo CVE-2026-1717

MEDIUM
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2026-03-11 psirt@lenovo.com
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:07 vuln.today
CVE Published
Mar 11, 2026 - 21:16 nvd
MEDIUM 6.8

DescriptionCVE.org

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

AnalysisAI

LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available.

Technical ContextAI

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

RemediationAI

Monitor vendor advisories for a patch.

More in Lenovo

View all
CVE-2012-1195 HIGH POC
7.5 Feb 18

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup

CVE-2012-1196 MEDIUM POC
5.0 Feb 18

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagemen

CVE-2015-2219 HIGH POC
7.2 May 12

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo

CVE-2018-14066 CRITICAL POC
9.8 Jul 15

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phone

CVE-2026-58583 HIGH POC
8.4 Jul 07

Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys ve

CVE-2017-7293 HIGH POC
7.8 Apr 26

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to

CVE-2015-6971 HIGH POC
7.8 Oct 03

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the

CVE-2015-8110 HIGH POC
7.8 Apr 24

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by nav

CVE-2021-3633 HIGH POC
7.8 Aug 17

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow

CVE-2022-0354 HIGH POC
7.3 Apr 22

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ab

CVE-2015-8109 HIGH POC
7.0 Apr 24

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by mak

CVE-2017-3761 CRITICAL
9.8 Oct 17

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external i

Share

CVE-2026-1717 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy