Which versions of Lenovo Personal Cloud are affected by CVE-2026-6282?

Lenovo Personal Cloud Storage devices contain a path traversal vulnerability allowing authenticated users to access and modify files belonging to other users on the same device, creating risk of…. A patch is available.

Lenovo Personal Cloud CVE-2026-6282

Q: What is the CVSS score of CVE-2026-6282?

CVE-2026-6282 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-30041 HIGH

Path Traversal (CWE-22)

2026-05-13 lenovo

GHSA-m6vj-6h49-wg69

Path Traversal Lenovo

8.6

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 13, 2026 - 16:33 EUVD

Analysis Updated

May 13, 2026 - 16:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 13, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 13, 2026 - 16:22 NVD

8.1 (HIGH) 8.6 (HIGH)

Analysis Generated

May 13, 2026 - 16:01 vuln.today

CVE Published

May 13, 2026 - 14:15 nvd

HIGH 8.1

DescriptionNVD

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

AnalysisAI

Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). …

RemediationAI

Within 24 hours: Inventory all Lenovo Personal Cloud Storage and Home Storage Hub devices in use and document affected product models and firmware versions. Within 7 days: Implement access restrictions by limiting device usage to single-user environments where possible, or segregating multi-user access by disabling cross-user file visibility through device settings if available; contact Lenovo support for interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-46055 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termina

CVE-2026-6282 vulnerability details – vuln.today

Back

Lenovo Personal Cloud CVE-2026-6282

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

Lenovo Personal Cloud CVE-2026-6282

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code