CVE-2026-0421
7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | ThinkPad L13 Gen 6 BIOS | 0 < 1.10 | affected |
| Lenovo | ThinkPad L13 Gen 6 2 in 1 BIOS | 0 < 1.10 | affected |
| Lenovo | ThinkPad L14 Gen 6 BIOS | 0 < 1.06 | affected |
| Lenovo | ThinkPad L16 Gen 2 BIOS | 0 < 1.06 | affected |
Weaknesses
- CWE-252: CWE-252: Unchecked Return Value
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.