DLL Hijacking Vulnerability in Lenovo Service Bridge
CVE-2026-1636

5.4MEDIUM

Key Information:

Vendor: Lenovo
Status: Service Bridge
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-1636?

A potential DLL hijacking vulnerability was found in Lenovo Service Bridge, which may enable a local authenticated user to execute arbitrary code with elevated privileges under specific conditions. This vulnerability highlights the importance of ensuring that software applications are designed with security best practices to mitigate risks associated with privilege escalation.

Affected Version(s)

Service Bridge 0 < 5.0.2.20

References

https://support.lenovo.com/us/en/product_security/LEN-211071

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Jan 29, 2026

Credit

Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue.

CVE-2026-1636 Data

JSON