CVE-2026-0940
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | ThinkPad T14 Gen 5 BIOS | 0 <= 1.17 | affected |
| Lenovo | ThinkPad P14s Gen 5 BIOS | 0 <= 1.17 | affected |
| Lenovo | ThinkPad Z13 Gen 2 BIOS | 0 <= 1.37 | affected |
| Lenovo | ThinkPad Z16 Gen 2 BIOS | 0 <= 1.37 | affected |
| Lenovo | ThinkPad P16v Gen 1 BIOS | 0 <= 1.62 | affected |
| Lenovo | ThinkPad P15v Gen 3 BIOS | 0 <= 1.28 | affected |
| Lenovo | ThinkPad Z13 Gen 1 BIOS | 0 <= 1.76 | affected |
| Lenovo | ThinkPad Z16 Gen 1 BIOS | 0 <= 1.76 | affected |
Weaknesses
- CWE-665: CWE-665: Improper Initialization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.