CVE-2026-6282 | THREATINT

Description

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

PUBLISHED Reserved 2026-04-14 | Published 2026-05-13 | Updated 2026-05-13 | Assigner lenovo

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

Any version before 5.5.6.t2s.3

affected

Default status

unaffected

Any version before 5.4.8.t2pro.2

affected

Default status

unaffected

Any version before 5.4.8.x1s.2

affected

Default status

unaffected

Any version before 5.5.8.t20.1

affected

Default status

unaffected

Any version before 5.4.4.x20.1

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Credits

Lenovo thanks Wang Jincheng, Professor Yu Le from Nanjing University of Posts and Telecommunications and Professor Luo Xiapu from The Hong Kong Polytechnic University finder

References

iknow.lenovo.com.cn/detail/440274

pc.lenovo.com.cn/tips/Ann/t1_eol.html

cve.org (CVE-2026-6282)

nvd.nist.gov (CVE-2026-6282)

Download JSON