CVE-2026-0940
CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
0th
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
| CWE | CWE-665 |
| Vendor | lenovo |
| Product | thinkpad t14 gen 5 bios |
| Published | Mar 11, 2026 |
| Last Updated | Mar 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for lenovo thinkpad t14 gen 5 bios
Be the first to know when new medium vulnerabilities affecting lenovo thinkpad t14 gen 5 bios are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Lenovo / ThinkPad T14 Gen 5 BIOS
0 ≤ 1.17
Lenovo / ThinkPad P14s Gen 5 BIOS
0 ≤ 1.17
Lenovo / ThinkPad Z13 Gen 2 BIOS
0 ≤ 1.37
Lenovo / ThinkPad Z16 Gen 2 BIOS
0 ≤ 1.37
Lenovo / ThinkPad P16v Gen 1 BIOS
0 ≤ 1.62
Lenovo / ThinkPad P15v Gen 3 BIOS
0 ≤ 1.28
Lenovo / ThinkPad Z13 Gen 1 BIOS
0 ≤ 1.76
Lenovo / ThinkPad Z16 Gen 1 BIOS
0 ≤ 1.76
References
Credits
Lenovo thanks Krzysztof Okupski of IOActive for reporting this issue.