PatchSiren cyber security CVE debrief
CVE-2026-8637 Lenovo CVE debrief
CVE-2026-8637 is a HIGH-severity vulnerability (CVSS Score: 8.5) in the LanSchool Classic client application. A local authenticated user could exploit this uncontrolled search path vulnerability to execute arbitrary code with elevated privileges.
- Vendor
- Lenovo
- Product
- LanSchool Classic
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of LanSchool Classic client application, particularly those in educational or organizational settings, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability exists in the LanSchool Classic client application due to an uncontrolled search path. This could allow a local authenticated user to execute arbitrary code with elevated privileges.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as available.
- Restrict access to the LanSchool Classic client application to authorized users only.
- Monitor the application and system logs for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide official information about this vulnerability. A reference to Lenovo's support page for this issue is also available.
Official resources
-
CVE-2026-8637 CVE record
CVE.org
-
CVE-2026-8637 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-8637 was published on 2026-06-10T15:16:42.930Z and modified on 2026-06-10T19:43:28.857Z.