CVE-2026-4134PATCHED

lenovo · software fix

CVE-2026-4134: During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins

Description

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.

Affected Products

Vendor	Product	Versions
lenovo	software fix	0

References

https://support.lenovo.com/us/en/product_security/LEN-213829

Related News (1 articles)

Tier C

VulDB36d ago

CVE-2026-4134 | Lenovo Software Fix prior 7.5.5.19 Installation uncontrolled search path

→ No new info (linked only)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

7.5.5.19

CWECWE-427

PublishedApr 15, 2026

Last enriched35d agov2

Trending Score1

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Lenovo LegionSpace 1.7.11.2 'DAService' Unquoted Service Path Vulnerability

Trending: 19

NONECVE-2026-6281EXP

CVE-2026-6281: A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authentic

Trending: 12

NONECVE-2026-6282EXP

CVE-2026-6282: A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that

Trending: 12

HIGHCVE-2026-4145

CVE-2026-4145: During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow

Trending: 1

HIGHCVE-2026-0827

CVE-2026-0827: During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareS

Trending: 1

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 15, 2026

Discovered by ZDM

Apr 15, 2026

Updated: description, severity

Apr 15, 2026

Patch Available

Apr 15, 2026

Version History

Last enriched 35d ago

v2Tier C36d ago

Updated description with more technical detail, changed severity to HIGH, and clarified that no exploit is available.

descriptionseverity

via VulDB

v136d ago

Initial creation