CVE-2026-2640 | THREATINT

Description

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.

PUBLISHED Reserved 2026-02-17 | Published 2026-03-11 | Updated 2026-03-12 | Assigner lenovo

MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-269: Improper Privilege Management

Product status

Default status

unaffected

Any version before 5.1.160.12302

affected

Credits

Lenovo thanks Victor Soler Renaud of Devoteam Purple Team for subsequently reporting this vulnerability. finder

References

iknow.lenovo.com.cn/detail/438816

cve.org (CVE-2026-2640)

nvd.nist.gov (CVE-2026-2640)

Download JSON