Which versions of Lenovo Personal Cloud Storage are affected by EUVD-2026-30040?

CVE-2026-6281 affects Lenovo Personal Cloud Storage devices across multiple product lines, enabling authenticated network users to execute arbitrary commands and achieve complete system compromise.. A patch is available.

Lenovo Personal Cloud Storage EUVD-2026-30040

Q: What is the CVSS score of EUVD-2026-30040?

EUVD-2026-30040 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

| CVE-2026-6281 HIGH

OS Command Injection (CWE-78)

2026-05-13 lenovo

GHSA-q5wc-3rhr-ppvw

Command Injection Lenovo

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 13, 2026 - 16:33 EUVD

Analysis Updated

May 13, 2026 - 16:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 13, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 13, 2026 - 16:22 NVD

8.8 (HIGH) 8.7 (HIGH)

Analysis Generated

May 13, 2026 - 16:00 vuln.today

CVE Published

May 13, 2026 - 14:15 nvd

HIGH 8.8

DescriptionNVD

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

AnalysisAI

Remote command execution in Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, and Home Storage Hub T20/X20) allows authenticated users on the local network to execute arbitrary commands via OS command injection (CWE-78). The CVSS v4.0 score of 8.7 reflects complete system compromise potential (VC:H/VI:H/VA:H) through network attack with low complexity but requiring low-privilege authentication (AV:N/AC:L/PR:L). …

RemediationAI

Within 24 hours: Inventory all Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, T20/X20) in your environment and confirm which are internet-connected or accessible from untrusted networks. Within 7 days: Implement network segmentation to restrict access to affected devices to trusted administrative networks only; disable remote access features where operationally feasible; enforce strong password policies for device administrative accounts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-46055 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termina

EUVD-2026-30040 vulnerability details – vuln.today

Back

Lenovo Personal Cloud Storage EUVD-2026-30040

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

Lenovo Personal Cloud Storage EUVD-2026-30040

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code