CVE-2026-0421

Published: Jan 14, 2026

Modified: Feb 26, 2026

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Vendor	Product	Versions
Lenovo	ThinkPad L13 Gen 6 BIOS	affected `0 - < 1.10`
Lenovo	ThinkPad L13 Gen 6 2 in 1 BIOS	affected `0 - < 1.10`
Lenovo	ThinkPad L14 Gen 6 BIOS	affected `0 - < 1.06`
Lenovo	ThinkPad L16 Gen 2 BIOS	affected `0 - < 1.06`

Weaknesses (CWE)

CWE-252

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://support.lenovo.com/us/en/product_security/LEN-210688

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-0421

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References