CVE-2026-0940

Summary

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LenovoThinkPad T14 Gen 5 BIOS0 <= 1.17affected
LenovoThinkPad P14s Gen 5 BIOS0 <= 1.17affected
LenovoThinkPad Z13 Gen 2 BIOS0 <= 1.37affected
LenovoThinkPad Z16 Gen 2 BIOS0 <= 1.37affected
LenovoThinkPad P16v Gen 1 BIOS0 <= 1.62affected
LenovoThinkPad P15v Gen 3 BIOS0 <= 1.28affected
LenovoThinkPad Z13 Gen 1 BIOS0 <= 1.76affected
LenovoThinkPad Z16 Gen 1 BIOS0 <= 1.76affected

Weaknesses

  • CWE-665: CWE-665: Improper Initialization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References