ThinkPad BIOS vulnerability allows local user to modify data and execute code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

ThinkPad BIOS vulnerability allows local user to modify data and execute code

CVE-2026-0940

Summary

A security issue in the BIOS of some ThinkPad laptops could let a user with administrative access on the machine make unauthorized changes and run malicious code. This could potentially lead to data loss or system compromise. Lenovo is investigating and recommends keeping the BIOS up to date to mitigate the risk.

Original title

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

Original description

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

nvd CVSS3.1 6.7

nvd CVSS4.0 8.4

Vulnerability type

CWE-665

https://support.lenovo.com/us/en/product_security/LEN-213040

Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026