CVE-2026-10590

Summary

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.

Affected Software

VendorProductVersion RangeStatus
LenovoYoga Pro 7 15IPH11 BIOS0 < TNCN37WWaffected
LenovoIdeaPad Pro 5 16IPH11 BIOS0 < S4CN62WWaffected
LenovoLegion 7 16AGP11 BIOS0 <= TPCN27WWaffected
LenovoIdeaPad Pro 5 16AGP11 BIOS0 <= T8CN19WWaffected
LenovoLegion Pro 5 16ADR10 BIOS0 <= U5CN07WWaffected
LenovoLenovo V15 G6 ARP BIOS0 <= TYCN15WWaffected
LenovoLOQ 15ARP10E BIOS0 < SUCN18WWaffected
LenovoYoga Book 9 14IAH10 BIOS0 <= QEME23WWaffected
LenovoLegion Pro 7 16AFR10H BIOS0 < SMCN20WWaffected
LenovoLegion Pro 5 16AFR10 BIOS0 <= RECN14WWaffected
LenovoLegion Pro 7 16ADR10H BIOS0 < SJCN17WWaffected
LenovoLenovo V15 G4 AMN BIOS0 < L1CN72WWaffected
LenovoThinkBook Plus G6 Rollable BIOS0 <= QWCN34WWaffected
LenovoLegion 5 15IAX10 BIOS0 <= S2CN15WWaffected
LenovoLegion 5 15AKP10 BIOS0 <= RYCN22WWaffected
LenovoLegion 5 15IRX10 BIOS0 <= QNCN28WWaffected
LenovoLegion Pro 5 16IRX10 BIOS0 <= S9CN13WWaffected
LenovoThinkBook 16p G6 ADR BIOS0 < R7CN26WWaffected
LenovoLegion Pro 5 16ADR10 BIOS0 <= RLCN21WWaffected
LenovoLegion 5 15AHP10 BIOS0 < RGCN35WWaffected
LenovoLegion Pro 7 16IRX9H BIOS0 <= N2CN26WWaffected
LenovoLegion 9 16IRX9 BIOS0 <= NXCN20WWaffected
LenovoIdeaPad Slim 3 16IRU9 BIOS0 < P2CN27WWaffected
LenovoLegion Pro 5 16IRX9 BIOS0 < N0CN35WWaffected
LenovoIdeaPad Pro 5 16IMH9 BIOS0 <= MECN68WWaffected
LenovoLegion Pro 7 16ARX8H BIOS0 <= LPCN45WWaffected
LenovoThinkBook Plus G4 IRU BIOS0 <= LUCN47WWaffected
LenovoLegion Slim 5 14APH8 BIOS0 <= MACN33WWaffected
LenovoThinkBook Plus G5 Tab&ThinkBook Plus G5 Station BIOS0 <= P8CN42WWaffected
LenovoLegion Pro 7 16ARX8H BIOS0 <= LPCN59WWaffected
LenovoLenovo V15 G4 IAH BIOS0 < MCCN39WWaffected
LenovoLenovo V15 G5 IRL BIOS0 < PMCN38WWaffected
LenovoYoga Pro 9 14IRP8 BIOS0 <= MBCN33WWaffected
LenovoIdeaPad Slim 3 16IRH8 BIOS0 < LTCN44WWaffected
LenovoIdeaPad Pro 5 16IRH8 BIOS0 <= KZCN46WWaffected
LenovoIdeaPad Slim 3 15AMN8 BIOS0 < L1CN51WWaffected
LenovoYoga 9 14IRP8 BIOS0 < L4CN31WWaffected
LenovoLegion Pro 5 16ARX8 BIOS0 <= LPCN59WWaffected
LenovoLenovo S14 G3 IAP BIOS0 <= JKCN49WWaffected
LenovoIdeaPad 5 15ABA7 BIOS0 < KACN29WWaffected
LenovoThinkBook 16p G5 IRX BIOS0 < P5CN31WWaffected
LenovoLenovo V15 G2 IJL Laptop BIOS0 < HTCN49WWaffected
LenovoYoga Pro 9 16IMH9 BIOS0 <= NKCN30WWaffected
LenovoThinkBook 16p G6 IAX BIOS0 < R2CN57WWaffected
LenovoLegion 7 16IAX10 BIOS0 <= RXCN18WWaffected
LenovoLegion Pro 5 16IAX10 BIOS0 <= Q6CN26WWaffected
LenovoLegion Pro 7 16IAX10H BIOS0 <= Q7CN31WWaffected
LenovoIdeaPad Slim 3 16IRH10R BIOS0 <= QDCN23WWaffected
LenovoLegion 5 15IRX9 BIOS0 <= PTCN14WWaffected
LenovoLenovo V14 G6 ITN BIOS0 < RHCN20WWaffected
LenovoYoga Book 9 14IAH10 BIOS0 <= QECN21WWaffected
LenovoIdeaPad Slim 3 14ITN9 BIOS0 < QUCN20WWaffected
LenovoIdeaPad Slim 3 16ARP10 BIOS0 < QBCN30WWaffected
LenovoIdeaPad Pro 5 16ASP10 BIOS0 <= R1CN24WWaffected
LenovoLegion 5 15APH9 BIOS0 < PJCN18WWaffected
LenovoYoga 9 2-in-1 14ILL10 BIOS0 <= Q9CN22WWaffected
LenovoYoga Book 9 13IMU9 BIOS0 <= NVCN24WWaffected
LenovoIdeaPad Pro 5 16IAH10 BIOS0 <= PZCN27WWaffected
LenovoLOQ 15IAX9E BIOS0 <= Q8CN17WWaffected
LenovoYoga 9 2-in-1 14IMH9 BIOS0 <= NNCN31WWaffected

Weaknesses

  • CWE‑306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References