← volver
CVE-2026-0940

CVE-2026-0940

CVSS 8.4 HIGHEPSS 0.1%CWE-665
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Lenovo · ThinkPad P14s Gen 5 BIOSLenovo · ThinkPad P15v Gen 3 BIOSLenovo · ThinkPad P16v Gen 1 BIOSLenovo · ThinkPad T14 Gen 5 BIOSLenovo · ThinkPad Z13 Gen 1 BIOSLenovo · ThinkPad Z13 Gen 2 BIOSLenovo · ThinkPad Z16 Gen 1 BIOSLenovo · ThinkPad Z16 Gen 2 BIOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.lenovo.com/us/en/product_security/LEN-213040