Cyber Posture

CVE-2026-1715

High

Published: 11 March 2026

Modified: 25 March 2026
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0002 (6.4th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1715 is a high-severity Argument Injection (CWE-88) vulnerability in Lenovo Vantage. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1112 Modify Registry (tactic: Defense Impairment)
Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.

Why these techniques?

The vulnerability directly enables local privilege escalation (T1068) by allowing a low-privileged account to modify arbitrary registry keys (T1112) with elevated rights.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

Deeper analysis (AI)

CVE-2026-1715 is an input validation vulnerability in the DeviceSettingsSystemAddin component used by Lenovo Vantage and Lenovo Baiying software. This flaw enables a local authenticated user to modify arbitrary registry keys with elevated privileges, as reported on March 11, 2026. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-88.

A local attacker with low privileges, such as a standard authenticated user on the system, can exploit this vulnerability with low complexity and without user interaction. Successful exploitation allows modification of arbitrary Windows registry keys with elevated privileges. The integrity and availability impacts are rated high and could take the form of persistence mechanisms, privilege escalation, or system disruption; confidentiality is not directly affected.

Lenovo has issued security advisories detailing mitigation at https://support.lenovo.com/us/en/product_security/LEN-213044 and https://iknow.lenovo.com.cn/detail/438815. Security practitioners should consult them for patch information and remediation steps.

Details

CWE(s)

Affected Products

lenovo vantage ≤ 1.0.8.15

CVEs Like This One

CVE-2026-1716 (same product: Lenovo Vantage)
CVE-2025-13455 (same vendor: Lenovo)
CVE-2025-0065 (shared CWE-88)
CVE-2025-15316 (shared CWE-88)
CVE-2025-15315 (shared CWE-88)
CVE-2026-0634 (shared CWE-88)
CVE-2026-4145 (shared CWE-88)
CVE-2025-12556 (shared CWE-88)
CVE-2026-24061 (shared CWE-88)
CVE-2026-26194 (shared CWE-88)
