CVE-2026-0421

CVSS 7 HIGHEPSS 0.1%CWE-252

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Lenovo · ThinkPad L13 Gen 6 2 in 1 BIOS Lenovo · ThinkPad L13 Gen 6 BIOS Lenovo · ThinkPad L14 Gen 6 BIOS Lenovo · ThinkPad L16 Gen 2 BIOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.lenovo.com/us/en/product_security/LEN-210688