CVE-2026-0421

Summary

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Affected Software

VendorProductVersion RangeStatus
LenovoThinkPad L13 Gen 6 BIOS0 < 1.10affected
LenovoThinkPad L13 Gen 6 2 in 1 BIOS0 < 1.10affected
LenovoThinkPad L14 Gen 6 BIOS0 < 1.06affected
LenovoThinkPad L16 Gen 2 BIOS0 < 1.06affected

Weaknesses

  • CWE-252: CWE-252: Unchecked Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References