CVE-2026-0421 HIGH

CVE-2026-0421

Vendor Lenovo

Product ThinkPad L13 Gen 6 BIOS

Weakness CWE-252

Published January 14, 2026

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Key dates

02Disclosure timeline

January 14, 2026 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-0421 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/252.html

Related vulnerabilities

Identifiers

CVE CVE-2026-0421

CWE CWE-252

CVSS 7.0 / HIGH

Affected versions

Vendor Lenovo

Product ThinkPad L13 Gen 6 BIOS

Affected < 1.10

Vendor Lenovo

Product ThinkPad L13 Gen 6 2 in 1 BIOS

Affected < 1.10

Vendor Lenovo

Product ThinkPad L14 Gen 6 BIOS

Affected < 1.06

Vendor Lenovo

Product ThinkPad L16 Gen 2 BIOS

Affected < 1.06

CVE-2026-0421

01Description

02Disclosure timeline

03References

04Related CVE