Local Code Execution Vulnerability in Lenovo Software Fix
CVE-2026-4134

7HIGH

Key Information:

Vendor: Lenovo
Status: Software Fix
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-4134?

A potential vulnerability has been identified in Lenovo Software Fix that may allow a locally authenticated user to execute code with elevated privileges during the installation process. This situation poses a risk of unauthorized actions being performed on the system, thereby compromising system integrity and security. It is crucial for users operating affected versions to remain vigilant and apply necessary updates.

Affected Version(s)

Software Fix 0 < 7.5.5.19

References

https://support.lenovo.com/us/en/product_security/LEN-213829

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Mar 13, 2026

CVE-2026-4134 Data

JSON