Lenovo SmartConnect Auth Bypass: Local Auth User Escalates Privileges Windows
CVE-2026-6090 Published on June 10, 2026

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

NVD

Vulnerability Analysis

CVE-2026-6090 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2026-6090

Want to know whenever a new CVE is published for Lenovo Smart Connect? stack.watch will email you.

Lenovo Smart Connect

Affected Versions

Lenovo Smart Connect:

Before 09.0.2.003.000 is affected.

Lenovo SmartConnect Auth Bypass: Local Auth User Escalates Privileges WindowsCVE-2026-6090 Published on June 10, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-6090

Affected Versions

Lenovo SmartConnect Auth Bypass: Local Auth User Escalates Privileges Windows
CVE-2026-6090 Published on June 10, 2026