Authentication Bypass in Lenovo Smart Connect for Windows
CVE-2026-6090
7.3HIGH
What is CVE-2026-6090?
A vulnerability has been identified in Lenovo Smart Connect for Windows that potentially allows a local authenticated user to bypass authentication mechanisms. This flaw could enable the execution of arbitrary code with elevated privileges, posing significant security risks to affected systems. Users are advised to update their software to mitigate the impact of this issue.
Affected Version(s)
Smart Connect Windows 0 < 09.0.2.003.000
References
CVSS V4
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lenovo thanks Lex Bitcow for reporting this vulnerability.