Cyber Resilience

CVE-2026-1716

Severity: Medium (CVSS v4.0)
Published: 11 March 2026
Modified: 25 March 2026
KEV added: not listed
Patch: see the Lenovo advisories cited under Deeper analysis
CVSS v4.0 base score: 6.9 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0003 (7.8th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1716 is a medium-severity Argument Injection (CWE-88) vulnerability in Lenovo Vantage (and Lenovo Baiying, which ships the same add-in). Its CVSS v4.0 base score is 6.9 (Medium); the same issue scores 7.1 (High) under CVSS v3.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), so treat the Medium label as a v4.0 rating rather than a downgrade of the v3.1 one.

Operationally, exploitation maps to the MITRE ATT&CK technique Modify Registry (T1112). EPSS places it at the 7.8th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-1716 is an input validation vulnerability in the DeviceSettingsSystemAddin component used by Lenovo Vantage and Lenovo Baiying. Published on 2026-03-11, it allows a local authenticated user to delete arbitrary registry keys with elevated privileges. The issue is rated with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and maps to CWE-88 (Improper Neutralization of Argument Delimiters in a Command).

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation grants the ability to delete arbitrary registry keys using elevated privileges, resulting in high impacts to integrity and availability, though confidentiality is unaffected.

Lenovo has published security advisories detailing the vulnerability, affected products, and mitigation steps. Security practitioners should consult https://support.lenovo.com/us/en/product_security/LEN-213044 and https://iknow.lenovo.com.cn/detail/438815 for patch information and remediation guidance.

Vulnerability details

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

CWE(s)

CWE-88 Improper Neutralization of Argument Delimiters in a Command

Related Threats

MITRE ATT&CK Enterprise Techniques

T1112 Modify Registry (Defense Impairment)
Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.

Why this technique? A local authenticated low-privilege user can delete arbitrary registry keys through the elevated component, which is Modify Registry (T1112) with an integrity and availability impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
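A detection sketch for the T1112 mapping above, written here as an added example and not taken from the page, from Lenovo, or from any vendor rule set: it runs over constructed Sysmon Event ID 12 (registry object create/delete) records and flags key deletions that the elevated add-in performs outside the subtree it is expected to manage, and key deletions by any process under subtrees commonly abused for defense evasion and persistence. The add-in image name and path, the expected subtree, the sensitive-subtree list and the sample events are all assumptions.

```python
"""T1112 (Modify Registry) detection over Sysmon Event ID 12 records.

Added example, not from the page or from Lenovo.  The add-in image name and
path, the subtree it is expected to manage, the sensitive-subtree list and
the sample events are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed: how the elevated add-in's process shows up in Sysmon's Image field.
ADDIN_IMAGE_RE = re.compile(r"DeviceSettingsSystemAddin", re.IGNORECASE)

# Assumed: the only subtree the add-in has a legitimate reason to delete from.
EXPECTED_SUBTREE = r"HKLM\SOFTWARE\Lenovo\Vantage\DeviceSettings"

# Subtrees where a DeleteKey by any process is worth an alert on its own
# (services, autoruns, policy).  Extend to taste.
SENSITIVE_SUBTREES = (
    r"HKLM\SYSTEM\CurrentControlSet\Services",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Policies",
)


@dataclass
class Finding:
    severity: str
    reason: str
    target: str
    image: str


def _under(path: str, subtree: str) -> bool:
    """Case-insensitive 'path is subtree or lies beneath it'."""
    p, s = path.lower(), subtree.lower()
    return p == s or p.startswith(s + "\\")


def classify(event: dict) -> Optional[Finding]:
    """Sysmon Event ID 12 is RegistryEvent (object create/delete); only the
    DeleteKey variant matters for the arbitrary-key-deletion case."""
    if event.get("EventID") != 12 or event.get("EventType") != "DeleteKey":
        return None
    target, image = event["TargetObject"], event["Image"]
    if any(_under(target, s) for s in SENSITIVE_SUBTREES):
        return Finding("high", "key deleted under a sensitive subtree", target, image)
    if ADDIN_IMAGE_RE.search(image) and not _under(target, EXPECTED_SUBTREE):
        return Finding("medium", "add-in deleted a key outside its managed subtree", target, image)
    return None


def scan(events):
    """Return the findings for a batch of events, preserving order."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed sample records (field names follow Sysmon's Event ID 12 schema);
# the add-in path is an assumption, not the product's real install location.
ADDIN = r"C:\ProgramData\Lenovo\Vantage\Addins\DeviceSettingsSystemAddin.exe"
SAMPLE_EVENTS = [
    {"EventID": 12, "EventType": "CreateKey", "Image": ADDIN,
     "TargetObject": EXPECTED_SUBTREE + r"\Display"},
    {"EventID": 12, "EventType": "DeleteKey", "Image": ADDIN,
     "TargetObject": EXPECTED_SUBTREE + r"\Display\Stale"},
    {"EventID": 12, "EventType": "DeleteKey", "Image": ADDIN,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityAgent"},
    {"EventID": 12, "EventType": "DeleteKey", "Image": ADDIN,
     "TargetObject": r"HKLM\SOFTWARE\ExampleVendor\Agent"},
    {"EventID": 12, "EventType": "DeleteKey", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKCU\Software\ExampleVendor\Scratch"},
    {"EventID": 13, "EventType": "SetValue", "Image": ADDIN,
     "TargetObject": EXPECTED_SUBTREE + r"\Display\Brightness"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.reason}: {f.target} ({f.image})")
```

Against the sample batch only the third and fourth records fire (high and medium respectively): a CreateKey, a deletion inside the managed subtree, a non-registry-delete event and an unrelated regedit deletion under HKCU are all left alone. In a real deployment the medium rule is the one that speaks to this CVE, since the attack is a low-privileged caller steering the elevated add-in at a key it has no business touching.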

CVEs Like This One

CVE-2026-1715 (same product: Lenovo Vantage)
CVE-2025-13455 (same vendor: Lenovo)
CVE-2026-24061 (shared CWE-88)
CVE-2026-31230 (shared CWE-88)
CVE-2026-0634 (shared CWE-88)
CVE-2026-40113 (shared CWE-88)
CVE-2025-12556 (shared CWE-88)
CVE-2026-44193 (shared CWE-88)
CVE-2026-22582 (shared CWE-88)
CVE-2025-21613 (shared CWE-88)

Affected Assets

lenovo / vantage: versions ≤ 1.0.8.15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of inputs to the DeviceSettingsSystemAddin to block malformed arguments that enable arbitrary registry-key deletion.

AC-6 Least Privilege (prevent): Limits the privileges available to the local authenticated user and the Vantage add-in, reducing the ability to perform elevated registry deletions even if input validation fails.

Configuration change control (prevent): Enforces access restrictions on configuration changes, preventing unauthorized or unapproved deletion of registry keys by the compromised Lenovo component.
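To make the SI-10 and AC-6 points concrete, and to illustrate the argument-injection class the deeper analysis describes, here is an added example. It is not Lenovo code and not the actual DeviceSettingsSystemAddin logic, which is not public; it assumes an elevated component that deletes a caller-named key by invoking `reg delete`, and ALLOWED_PREFIX, the function names and the sample inputs are assumptions. The vulnerable function formats the caller's string into a command line and re-tokenises it, checking nothing, so the caller both names an arbitrary key and can smuggle in a switch; the hardened form passes argv as a list, rejects malformed names, and confines deletions to the one subtree the component legitimately manages.

```python
"""Argument injection (CWE-88) beside a hardened form.

Added example, not Lenovo code.  ALLOWED_PREFIX, the function names and the
assumption that the elevated component shells out to `reg delete` are all
illustrative; the real DeviceSettingsSystemAddin logic is not public.
"""
import subprocess

# Assumed: the only subtree the elevated component legitimately manages.
ALLOWED_PREFIX = r"HKLM\SOFTWARE\Lenovo\Vantage\DeviceSettings"


def vulnerable_argv(key):
    """CWE-88 pattern: the caller's key is formatted into a command line that
    is tokenised again, so whitespace inside it yields extra arguments (an
    injected /va, say), and nothing checks which key is named at all."""
    cmdline = f"reg delete {key} /f"
    return cmdline.split()  # approximates command-line re-tokenisation


def validate_key(key):
    """SI-10 style validation: no control characters, no empty components,
    and the key must sit strictly inside ALLOWED_PREFIX (the AC-6 angle:
    the elevated side only ever touches the subtree it owns)."""
    if any(ord(ch) < 0x20 for ch in key):
        raise ValueError("control character in key name")
    if any(part == "" for part in key.split("\\")):
        raise ValueError("empty path component in key name")
    if not key.lower().startswith(ALLOWED_PREFIX.lower() + "\\"):
        raise ValueError("key is outside the managed subtree")
    return key


def is_allowed(key):
    """Boolean view of validate_key for callers that do not want exceptions."""
    try:
        validate_key(key)
        return True
    except ValueError:
        return False


def hardened_argv(key):
    """Build argv as a list: the key is exactly one element whatever it
    contains, so a space or a '/' inside it can never become a switch."""
    return ["reg", "delete", validate_key(key), "/f"]


def delete_key(key, runner=subprocess.run):
    """Entry point the elevated side would expose.  `runner` is injectable so
    the example can be exercised on a host without reg.exe."""
    return runner(hardened_argv(key), shell=False, check=False)


if __name__ == "__main__":
    # Constructed attacker inputs: an arbitrary key outside the subtree, and
    # a key with a smuggled switch appended.
    for key in (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                r"HKLM\SOFTWARE\Lenovo\Vantage\DeviceSettings\X /va"):
        print("vulnerable argv:", vulnerable_argv(key))
        print("hardened argv  :", hardened_argv(key) if is_allowed(key) else "rejected")
```

Note what the hardened path does with the second input: `X /va` survives validation because it lies inside the managed subtree, but it reaches `reg.exe` as a single argument naming a key literally called `X /va`, so the `/va` can no longer act as a switch. The first input never reaches a command at all. Rejecting whitespace outright would be the wrong fix, since registry key names may legitimately contain spaces; the fix is to stop re-tokenising and to bound which keys may be named.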
