CVE-2026-6090

7.3HIGH

Key Information:

Vendor: Lenovo
Status: Smart Connect
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-6090?

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

Affected Version(s)

Smart Connect Windows 0 < 09.0.2.003.000

References

https://support.lenovo.com/us/en/product_security/LEN-218281

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Lenovo thanks Lex Bitcow for reporting this vulnerability.

CVE-2026-6090 Data

JSON