Authentication Bypass in Lenovo Smart Connect for Windows
CVE-2026-6090

7.3HIGH

Key Information:

Vendor

Lenovo

Vendor
CVE Published:
10 June 2026

What is CVE-2026-6090?

A vulnerability has been identified in Lenovo Smart Connect for Windows that potentially allows a local authenticated user to bypass authentication mechanisms. This flaw could enable the execution of arbitrary code with elevated privileges, posing significant security risks to affected systems. Users are advised to update their software to mitigate the impact of this issue.

Affected Version(s)

Smart Connect Windows 0 < 09.0.2.003.000

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Lex Bitcow for reporting this vulnerability.
.