CVE-2026-8637

8.5HIGH

Key Information:

Vendor: Lenovo
Status: Lanschool Classic
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-8637?

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.

Affected Version(s)

LanSchool Classic 0 < 9.3.1.30

References

https://support.lenovo.com/us/en/product_security/LEN-217400

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
May 14, 2026

Credit

Lenovo thanks Rafael Reis for reporting this vulnerability.

CVE-2026-8637 Data

JSON