CVE-2026-1715
Published: 11 March 2026
Summary
CVE-2026-1715 is an Argument Injection (CWE-88) vulnerability in Lenovo Vantage (and, per the vendor description, Lenovo Baiying). The summary score listed here is 6.9 (Medium); note that the CVSS v3.1 vector quoted in the analysis below computes to 7.1, which is High on the v3.1 scale, so check the vendor advisory for the authoritative score rather than relying on either figure alone.
Exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 7.8th percentile by exploit likelihood, well below the median, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1715 is an input validation vulnerability in the DeviceSettingsSystemAddin component used by Lenovo Vantage and Lenovo Baiying, reported on 11 March 2026. The flaw lets a local authenticated user modify arbitrary registry keys with elevated privileges. It is classified as CWE-88, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). That vector does evaluate to 7.1 (High) under v3.1, which differs from the 6.9 (Medium) figure given in the summary above.
Any local user with low privileges, such as a standard authenticated account, can exploit the flaw with low attack complexity and no user interaction. Because the registry write is performed by a privileged component, the attacker chooses both the target key and the data written: values that a privileged process or service later honours become persistence or full privilege escalation, and corrupted keys become a denial of service. Confidentiality is not directly affected (C:N), but the integrity and availability impacts are both high.
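The persistence and escalation outcomes above leave a trace that a SOC can look for: a privileged vendor process writing registry keys it has no business touching. The following detection logic is an added example, not part of this advisory. It reviews Windows Security Event ID 4657 ("A registry value was modified") records and flags writes that a vendor service process makes outside the registry paths the product owns. It assumes object-access auditing with SACLs on the relevant keys, because 4657 is only generated for audited keys; the process path, the expected key scope, and the sample events are all constructed for the example.

```python
"""Added detection example (not from the advisory): flag registry writes by a
vendor service process that fall outside the product's own registry scope.
Assumes Windows Security auditing produces Event ID 4657 for the keys of
interest. Process path, key scope and sample records are constructed."""
import re

# Keys the vendor service is expected to write (assumption for the example;
# derive the real list from a baseline of the installed product).
EXPECTED_KEY_PREFIXES = (
    r"\REGISTRY\MACHINE\SOFTWARE\Lenovo",
    r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Lenovo",
)

# Locations where an out-of-scope write by a privileged process is a direct
# persistence or privilege-escalation signal (T1112 leading to T1068).
SENSITIVE_KEY_PATTERNS = [
    re.compile(r"^\\REGISTRY\\MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\", re.I),
    re.compile(r"^\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I),
    re.compile(r"^\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\", re.I),
]

# Process filter (constructed): any executable under the vendor's install tree.
VENDOR_PROCESS = re.compile(r"\\Lenovo\\.*\.exe$", re.I)


def in_expected_scope(key):
    """True when the key is one of the expected prefixes or a subkey of one."""
    k = key.upper()
    return any(k == p.upper() or k.startswith(p.upper() + "\\") for p in EXPECTED_KEY_PREFIXES)


def classify_event(evt):
    """Return a finding dict for a suspicious 4657 record, or None."""
    if evt.get("EventID") != 4657:
        return None
    proc = evt.get("ProcessName", "")
    key = evt.get("ObjectName", "")
    if not VENDOR_PROCESS.search(proc) or in_expected_scope(key):
        return None
    severity = "high" if any(p.search(key) for p in SENSITIVE_KEY_PATTERNS) else "medium"
    return {
        "severity": severity,
        "process": proc,
        "key": key,
        "value": evt.get("ObjectValueName", ""),
        "new_value": evt.get("NewValue", ""),
        "subject": evt.get("SubjectUserName", ""),
    }


def detect(events):
    """Run the classifier over parsed event records and keep the findings."""
    return [f for f in (classify_event(e) for e in events) if f]


# Constructed sample records in the shape of parsed 4657 event data.
VENDOR_EXE = r"C:\Program Files\Lenovo\ExampleService\ExampleAddinHost.exe"
SAMPLE_EVENTS = [
    {"EventID": 4657, "SubjectUserName": "SYSTEM", "ProcessName": VENDOR_EXE,
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Lenovo\ExampleService",
     "ObjectValueName": "FnLock", "NewValue": "1"},                          # in scope: benign
    {"EventID": 4657, "SubjectUserName": "SYSTEM", "ProcessName": VENDOR_EXE,
     "ObjectName": r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc",
     "ObjectValueName": "ImagePath", "NewValue": r"C:\Users\Public\x.exe"},  # service hijack: high
    {"EventID": 4657, "SubjectUserName": "SYSTEM", "ProcessName": VENDOR_EXE,
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "ObjectValueName": "Updater", "NewValue": r"C:\Users\Public\x.exe"},    # autostart: high
    {"EventID": 4657, "SubjectUserName": "SYSTEM", "ProcessName": VENDOR_EXE,
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Contoso\Agent",
     "ObjectValueName": "Enabled", "NewValue": "0"},                         # out of scope: medium
    {"EventID": 4657, "SubjectUserName": "SYSTEM",
     "ProcessName": r"C:\Windows\System32\services.exe",
     "ObjectName": r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc",
     "ObjectValueName": "Start", "NewValue": "2"},                           # not the vendor process
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding["severity"], finding["key"], finding["value"])
```

Two caveats for anyone wiring this into a real pipeline: the subject of a 4657 record is the privileged service account, not the low-privileged user who triggered the write, so correlate with the add-in's own request logs or process-creation events if you need the originating account; and if SACL-based auditing is not practical at scale, Sysmon Event ID 13 (RegistryEvent, Value Set) carries the same process and key fields and can feed the same logic.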
Lenovo has published security advisories with remediation details at https://support.lenovo.com/us/en/product_security/LEN-213044 and https://iknow.lenovo.com.cn/detail/438815; consult them for the fixed versions and remediation steps before relying on any compensating control.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-11357
Vulnerability details
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
- T1112 Modify Registry
Why these techniques?
The vulnerability directly enables local privilege escalation (T1068): a low-privileged account gains arbitrary registry key modification (T1112) with elevated rights.
Affected Assets
Lenovo Vantage and Lenovo Baiying (the DeviceSettingsSystemAddin component).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of input to the DeviceSettingsSystemAddin so that malformed or injected arguments cannot reach the privileged registry write.
- AC-3 (Access Enforcement): Enforces access-control decisions so that even an authenticated local user cannot alter registry keys outside the scope the add-in is authorised to manage.
- Least privilege for the service processes: Limits the privileges assigned to the Lenovo Vantage/Baiying processes, reducing the impact of the elevation that the input-validation flaw permits.
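What SI-10 and AC-3 mean in code for a CWE-88 flaw is easier to see side by side. The example below is added here and is not Lenovo's code; it models a hypothetical privileged settings helper that hands a caller-supplied setting name to a worker process by building that worker's command line. The helper, the worker's option names, the registry paths and the allowlist are all assumptions made for the example.

```python
"""Added illustration of the CWE-88 (argument injection) pattern; hypothetical
code, not Lenovo's. A privileged helper forwards a caller-chosen setting name
to a worker process. Registry paths, option names and allowlist are assumed."""
import argparse

# Registry key the helper is supposed to be confined to (constructed).
BASE_KEY = r"HKLM\SOFTWARE\ExampleVendor\DeviceSettings"
# Setting names a standard user may legitimately change (constructed).
ALLOWED_SETTINGS = {"KeyboardBacklight", "FnLock", "BatteryChargeThreshold"}


def parse_worker_argv(argv):
    """Model of the privileged worker's option parsing. As in most option
    parsers, a repeated --key or --name silently takes the last value given,
    which is exactly what an injected argument exploits."""
    parser = argparse.ArgumentParser(prog="SettingsWorker", add_help=False)
    parser.add_argument("--key", required=True)
    parser.add_argument("--name", required=True)
    parser.add_argument("--data", required=True)
    ns = parser.parse_args(argv)
    return {"key": ns.key, "name": ns.name, "data": ns.data}


def set_setting_vulnerable(name, data):
    """Vulnerable helper: concatenates untrusted input into one command-line
    string and re-tokenises it, so whitespace in `name` becomes additional
    worker arguments (CWE-88). Nothing checks `name` against the settings the
    helper is meant to expose."""
    cmdline = f"--key {BASE_KEY} --name {name} --data {data}"
    return parse_worker_argv(cmdline.split())


def set_setting_hardened(name, data):
    """Hardened helper (SI-10 input validation plus AC-3 scope enforcement):
    the name must be one the helper exposes, the data must be a small integer,
    and each value travels as its own argv element so it can never be read as
    an option. Raises ValueError instead of forwarding bad input."""
    if name not in ALLOWED_SETTINGS:
        raise ValueError(f"setting not permitted: {name!r}")
    if not (data.isdigit() and 0 <= int(data) <= 100):
        raise ValueError(f"data out of range: {data!r}")
    argv = ["--key", BASE_KEY, "--name", name, "--data", data]
    return parse_worker_argv(argv)


# Constructed attacker input: a "setting name" carrying extra options that
# redirect the privileged write to a service's ImagePath value.
INJECTED_NAME = r"FnLock --key HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc --name ImagePath"


def demo():
    """Return (where the vulnerable helper would write, whether the hardened
    helper rejected the same input)."""
    hit = set_setting_vulnerable(INJECTED_NAME, "1")
    try:
        set_setting_hardened(INJECTED_NAME, "1")
        rejected = False
    except ValueError:
        rejected = True
    return hit, rejected


if __name__ == "__main__":
    hit, rejected = demo()
    print("vulnerable helper writes to:", hit["key"], hit["name"])
    print("hardened helper rejected it:", rejected)
```

The allowlist is the important half: passing values as separate argv elements stops the tokeniser from manufacturing new options, but on its own it would still let the caller pick any value name under BASE_KEY, which is AC-3's concern, not just SI-10's.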