Cyber Resilience

CVE-2026-1715

Medium

Published: 11 March 2026

Modified: 25 March 2026
KEV Added: (not listed)
Patch: (see vendor advisories below)
CVSS Score (v4): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0003 (7.8th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1715 is a medium-severity Argument Injection (CWE-88) vulnerability in Lenovo Vantage. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks the CVE at the 7.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-1715 is an input validation vulnerability in the DeviceSettingsSystemAddin component used by Lenovo Vantage and Lenovo Baiying software. This flaw enables a local authenticated user to modify arbitrary registry keys with elevated privileges, as reported on March 11, 2026. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-88.

A local attacker with low privileges, such as a standard authenticated user on the system, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows modification of arbitrary Windows registry keys under elevated privileges, potentially leading to high integrity and availability impacts, such as persistence mechanisms, privilege escalation, or system disruption, though confidentiality is not directly affected.

Lenovo has issued security advisories detailing mitigation, available at https://support.lenovo.com/us/en/product_security/LEN-213044 and https://iknow.lenovo.com.cn/detail/438815, which security practitioners should consult for patch information and remediation steps.

EU & UK References

Vulnerability details

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1112 Modify Registry (tactic: Defense Evasion): Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.
Why these techniques?

The vulnerability directly enables local privilege escalation (T1068) because it allows a low-privileged account to modify arbitrary registry keys (T1112) with elevated rights.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1716 (same product: Lenovo Vantage)
CVE-2025-13455 (same vendor: Lenovo)
CVE-2026-0634 (shared CWE-88)
CVE-2026-4145 (shared CWE-88)
CVE-2025-15316 (shared CWE-88)
CVE-2026-41013 (shared CWE-88)
CVE-2025-15315 (shared CWE-88)
CVE-2025-0065 (shared CWE-88)
CVE-2025-12556 (shared CWE-88)
CVE-2026-24061 (shared CWE-88)

Affected Assets

Vendor: lenovo
Product: vantage
Affected versions: ≤ 1.0.8.15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires validation of input to the DeviceSettingsSystemAddin to block malformed data that enables arbitrary registry modification.

prevent: Enforces access-control decisions so that even an authenticated local user cannot alter arbitrary registry keys outside their authorized scope.

prevent: Limits privileges assigned to Lenovo Vantage/Baiying processes, reducing the impact of the elevation that the input-validation flaw permits.

References