During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system.

Project Subscriptions

Vendors Products
Smart Connect Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update Lenovo Smart Connect for Windows to version 09.0.2.003.000 or later. Smart Connect will prompt the user to download latest version when launched.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system.
First Time appeared Lenovo
Lenovo smart Connect
Weaknesses CWE-306
CPEs cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo smart Connect
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:59:36.981Z

Reserved: 2026-04-17T13:03:29.141Z

Link: CVE-2026-6511

cve-icon Vulnrichment

Updated: 2026-07-16T17:59:33.173Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T19:00:04Z

Weaknesses