Uncontrolled Search Path Vulnerability in LanSchool Classic by Lenovo
CVE-2026-8637

8.5HIGH

Key Information:

Vendor

Lenovo

Vendor
CVE Published:
10 June 2026

What is CVE-2026-8637?

A vulnerability in the LanSchool Classic client application could enable a local authenticated user to execute arbitrary code with elevated privileges. This issue arises from insufficient validation of the search path, potentially allowing unauthorized code execution, which can lead to compromised system integrity. Users of LanSchool Classic should take immediate steps to mitigate this risk by applying available updates and reviewing their security configurations.

Affected Version(s)

LanSchool Classic 0 < 9.3.1.30

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Rafael Reis for reporting this vulnerability.
.