Lenovo

Vendor security scorecard – 4 CVEs in the selected period

Risk: 8
CVEs: 4
Critical: 0
High: 2
KEV: 0
PoC: 0
Unpatched C/H: 0
Patch Rate: 100.0%
Avg EPSS: 0.1%

Severity Breakdown

CRITICAL: 0
HIGH: 2
MEDIUM: 1
LOW: 0

Top Risky CVEs

CVE-2026-6281
Severity: HIGH | CVSS: 8.7 | EPSS: 0.2% | Priority: 44
Summary: Remote command execution in Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, and Home Storage Hub T20/X20) allows authenticated users on the local network to execute arbitrary commands via OS command injection (CWE-78). The CVSS v4.0 score of 8.7 reflects complete system compromise potential (VC:H/VI:H/VA:H) through network attack with low complexity but requiring low-privilege authentication (AV:N/AC:L/PR:L). No evidence of active exploitation (not in CISA KEV) or public exploit code identified at time of analysis. Lenovo has issued advisories including end-of-life notices for certain models (T1), indicating some affected products may not receive patches.

CVE-2026-6282
Severity: HIGH | CVSS: 8.6 | EPSS: 0.1% | Priority: 43
Summary: Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). CVSS 8.6 reflects high confidentiality and integrity impact with low attack complexity. No active exploitation confirmed in CISA KEV at time of analysis, and EPSS data not available for this 2026 CVE identifier.

CVE-2025-71297
Severity: MEDIUM | CVSS: 5.5 | EPSS: 0.0% | Priority: 28
Summary: Kernel denial of service in rtw88 WiFi driver 8822b chipset allows local authenticated users to trigger a kernel WARNING and potential system instability by setting antenna configuration while the wireless chip is powered off, causing unexpected values when RF registers are read during power-down state.

CVE-2026-46055
Severity/CVSS: – | EPSS: 0.0% | Priority: –
Summary: In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.0