CVE-2026-6282EXPLOITEDPATCHED

lenovo · personal cloud t2s

CVE-2026-6282: A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that

Description

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

Affected Products

Vendor	Product	Versions
lenovo	personal cloud t2s	0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

Related News (1 articles)

Tier C

VulDB7d ago

CVE-2026-6282 | Lenovo Personal Cloud X1 prior 5.5.6.t2s.3 path traversal

→ No new info (linked only)

CVSS 3.18.1 NONE

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.5.6.t2s.35.4.8.t2pro.25.4.8.x1s.25.5.8.t20.15.4.4.x20.1

CWECWE-22

PublishedMay 13, 2026

Last enriched7d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Lenovo LegionSpace 1.7.11.2 'DAService' Unquoted Service Path Vulnerability

Trending: 19

NONECVE-2026-6281EXP

CVE-2026-6281: A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authentic

Trending: 12

HIGHCVE-2026-4145

CVE-2026-4145: During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow

Trending: 1

HIGHCVE-2026-0827

CVE-2026-0827: During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareS

Trending: 1

HIGHCVE-2026-4134

CVE-2026-4134: During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins

Trending: 1

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 13, 2026

Discovered by ZDM

May 13, 2026

Updated: description, severity, affectedVersions, activelyExploited, tags

May 13, 2026

Actively Exploited

May 13, 2026

Patch Available

May 13, 2026

Version History

Last enriched 7d ago

v2Tier C7d ago

Updated severity to CRITICAL, added new affected versions, and changed exploit availability status.

descriptionseverityaffectedVersionsactivelyExploitedtags

via VulDB

v17d ago

Initial creation