PatchSiren cyber security CVE debrief
CVE-2026-6090 Lenovo CVE debrief
A potential authentication bypass vulnerability was reported in Lenovo Smart Connect for Windows, which could allow a local authenticated user to execute arbitrary code with elevated privileges. The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity.
- Vendor
- Lenovo
- Product
- Smart Connect
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of Lenovo Smart Connect for Windows should apply the necessary patches or mitigations to prevent potential exploitation of this vulnerability.
Technical summary
The vulnerability, tracked as CVE-2026-6090, is a potential authentication bypass issue in Lenovo Smart Connect for Windows. It allows a local authenticated user to execute arbitrary code with elevated privileges. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches or mitigations provided by Lenovo to address this vulnerability.
- Ensure that Lenovo Smart Connect for Windows is updated to a version that is not vulnerable.
Evidence notes
The CVE was published on June 10, 2026, at 15:16:42 UTC and modified on June 10, 2026, at 19:43:28 UTC. The vendor of the affected product is likely Lenovo, based on the evidence provided.
Official resources
-
CVE-2026-6090 CVE record
CVE.org
-
CVE-2026-6090 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-6090 was published on [cvePublishedAt] and modified on [cveModifiedAt].