Arbitrary File Write Vulnerability in Lenovo Software Fix
CVE-2026-4135

5.2MEDIUM

Key Information:

Vendor: Lenovo
Status: Software Fix
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-4135?

A vulnerability has been identified in Lenovo Software Fix where a local authenticated user can exploit this flaw to execute arbitrary file writes with elevated privileges during installation. This could potentially lead to unauthorized access to sensitive system areas, risking the integrity and security of the operating environment.

Affected Version(s)

Software Fix 0 < 7.5.5.19

References

https://support.lenovo.com/us/en/product_security/LEN-213829

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Mar 13, 2026

CVE-2026-4135 Data

JSON