CVE-2026-6090
7.0 HIGHA potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute...
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 7.0 HIGH
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-290
Description
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48567 — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network (10.0 CRITICAL)
- CVE-2026-11019 — Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised... (6.5 MEDIUM)
- CVE-2026-11001 — Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage... (6.5 MEDIUM)
- CVE-2026-8644 — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing (9.1 CRITICAL)
- CVE-2026-42674 — Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding (7.5 HIGH)