SecuriTricks - CVE-2026-0421

Description

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Product(s) Impacted

Vendor	Product	Versions
Lenovo	Thinkpad L13 Gen 6 Thinkpad L14 Gen 6 Thinkpad L16 Gen 2	* * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-252

Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
h	lenovo	thinkpad_l13_gen_6	/	/	/	/	/	/	/	/
h	lenovo	thinkpad_l14_gen_6	/	/	/	/	/	/	/	/
h	lenovo	thinkpad_l16_gen_2	/	/	/	/	/	/	/	/

References

https://support.lenovo.com/us/en/product_security/LEN-210688

CVSS Score

7.0 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: HIGH
User Interaction: PASSIVE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Jan. 14, 2026, 11:15 p.m.
Last Modified: Jan. 14, 2026, 11:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-0421