CVE-2026-10590
6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Yoga Pro 7 15IPH11 BIOS | 0 < TNCN37WW | affected |
| Lenovo | IdeaPad Pro 5 16IPH11 BIOS | 0 < S4CN62WW | affected |
| Lenovo | Legion 7 16AGP11 BIOS | 0 <= TPCN27WW | affected |
| Lenovo | IdeaPad Pro 5 16AGP11 BIOS | 0 <= T8CN19WW | affected |
| Lenovo | Legion Pro 5 16ADR10 BIOS | 0 <= U5CN07WW | affected |
| Lenovo | Lenovo V15 G6 ARP BIOS | 0 <= TYCN15WW | affected |
| Lenovo | LOQ 15ARP10E BIOS | 0 < SUCN18WW | affected |
| Lenovo | Yoga Book 9 14IAH10 BIOS | 0 <= QEME23WW | affected |
| Lenovo | Legion Pro 7 16AFR10H BIOS | 0 < SMCN20WW | affected |
| Lenovo | Legion Pro 5 16AFR10 BIOS | 0 <= RECN14WW | affected |
| Lenovo | Legion Pro 7 16ADR10H BIOS | 0 < SJCN17WW | affected |
| Lenovo | Lenovo V15 G4 AMN BIOS | 0 < L1CN72WW | affected |
| Lenovo | ThinkBook Plus G6 Rollable BIOS | 0 <= QWCN34WW | affected |
| Lenovo | Legion 5 15IAX10 BIOS | 0 <= S2CN15WW | affected |
| Lenovo | Legion 5 15AKP10 BIOS | 0 <= RYCN22WW | affected |
| Lenovo | Legion 5 15IRX10 BIOS | 0 <= QNCN28WW | affected |
| Lenovo | Legion Pro 5 16IRX10 BIOS | 0 <= S9CN13WW | affected |
| Lenovo | ThinkBook 16p G6 ADR BIOS | 0 < R7CN26WW | affected |
| Lenovo | Legion Pro 5 16ADR10 BIOS | 0 <= RLCN21WW | affected |
| Lenovo | Legion 5 15AHP10 BIOS | 0 < RGCN35WW | affected |
| Lenovo | Legion Pro 7 16IRX9H BIOS | 0 <= N2CN26WW | affected |
| Lenovo | Legion 9 16IRX9 BIOS | 0 <= NXCN20WW | affected |
| Lenovo | IdeaPad Slim 3 16IRU9 BIOS | 0 < P2CN27WW | affected |
| Lenovo | Legion Pro 5 16IRX9 BIOS | 0 < N0CN35WW | affected |
| Lenovo | IdeaPad Pro 5 16IMH9 BIOS | 0 <= MECN68WW | affected |
| Lenovo | Legion Pro 7 16ARX8H BIOS | 0 <= LPCN45WW | affected |
| Lenovo | ThinkBook Plus G4 IRU BIOS | 0 <= LUCN47WW | affected |
| Lenovo | Legion Slim 5 14APH8 BIOS | 0 <= MACN33WW | affected |
| Lenovo | ThinkBook Plus G5 Tab&ThinkBook Plus G5 Station BIOS | 0 <= P8CN42WW | affected |
| Lenovo | Legion Pro 7 16ARX8H BIOS | 0 <= LPCN59WW | affected |
| Lenovo | Lenovo V15 G4 IAH BIOS | 0 < MCCN39WW | affected |
| Lenovo | Lenovo V15 G5 IRL BIOS | 0 < PMCN38WW | affected |
| Lenovo | Yoga Pro 9 14IRP8 BIOS | 0 <= MBCN33WW | affected |
| Lenovo | IdeaPad Slim 3 16IRH8 BIOS | 0 < LTCN44WW | affected |
| Lenovo | IdeaPad Pro 5 16IRH8 BIOS | 0 <= KZCN46WW | affected |
| Lenovo | IdeaPad Slim 3 15AMN8 BIOS | 0 < L1CN51WW | affected |
| Lenovo | Yoga 9 14IRP8 BIOS | 0 < L4CN31WW | affected |
| Lenovo | Legion Pro 5 16ARX8 BIOS | 0 <= LPCN59WW | affected |
| Lenovo | Lenovo S14 G3 IAP BIOS | 0 <= JKCN49WW | affected |
| Lenovo | IdeaPad 5 15ABA7 BIOS | 0 < KACN29WW | affected |
| Lenovo | ThinkBook 16p G5 IRX BIOS | 0 < P5CN31WW | affected |
| Lenovo | Lenovo V15 G2 IJL Laptop BIOS | 0 < HTCN49WW | affected |
| Lenovo | Yoga Pro 9 16IMH9 BIOS | 0 <= NKCN30WW | affected |
| Lenovo | ThinkBook 16p G6 IAX BIOS | 0 < R2CN57WW | affected |
| Lenovo | Legion 7 16IAX10 BIOS | 0 <= RXCN18WW | affected |
| Lenovo | Legion Pro 5 16IAX10 BIOS | 0 <= Q6CN26WW | affected |
| Lenovo | Legion Pro 7 16IAX10H BIOS | 0 <= Q7CN31WW | affected |
| Lenovo | IdeaPad Slim 3 16IRH10R BIOS | 0 <= QDCN23WW | affected |
| Lenovo | Legion 5 15IRX9 BIOS | 0 <= PTCN14WW | affected |
| Lenovo | Lenovo V14 G6 ITN BIOS | 0 < RHCN20WW | affected |
| Lenovo | Yoga Book 9 14IAH10 BIOS | 0 <= QECN21WW | affected |
| Lenovo | IdeaPad Slim 3 14ITN9 BIOS | 0 < QUCN20WW | affected |
| Lenovo | IdeaPad Slim 3 16ARP10 BIOS | 0 < QBCN30WW | affected |
| Lenovo | IdeaPad Pro 5 16ASP10 BIOS | 0 <= R1CN24WW | affected |
| Lenovo | Legion 5 15APH9 BIOS | 0 < PJCN18WW | affected |
| Lenovo | Yoga 9 2-in-1 14ILL10 BIOS | 0 <= Q9CN22WW | affected |
| Lenovo | Yoga Book 9 13IMU9 BIOS | 0 <= NVCN24WW | affected |
| Lenovo | IdeaPad Pro 5 16IAH10 BIOS | 0 <= PZCN27WW | affected |
| Lenovo | LOQ 15IAX9E BIOS | 0 <= Q8CN17WW | affected |
| Lenovo | Yoga 9 2-in-1 14IMH9 BIOS | 0 <= NNCN31WW | affected |
Weaknesses
- CWE‑306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.