CVE-2026-6281 HIGH

CVE-2026-6281

Vendor Lenovo

Product Personal Cloud T2s

Weakness CWE-78

Published May 13, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

Key dates

02Disclosure timeline

May 13, 2026 CVE published

May 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-6281 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-6281

CWE CWE-78

CVSS 8.7 / HIGH

Affected versions

Vendor Lenovo

Product Personal Cloud T2s

Affected < 5.5.6.t2s.3

Vendor Lenovo

Product Personal Cloud T2Pro

Affected < 5.4.8.t2pro.2

Vendor Lenovo

Product Personal Cloud X1s

Affected < 5.4.8.x1s.2

Vendor Lenovo

Product Home Storage Hub T20

Affected < 5.5.8.t20.1

Vendor Lenovo

Product Home Storage Hub X20

Affected < 5.4.4.x20.1

Vendor Lenovo

Product Personal Cloud T1

Affected ≤ 5.4.0.t1.6

Vendor Lenovo

Product Personal Cloud A1

Affected ≤ 5.4.2.a1.3

Vendor Lenovo

Product Personal Cloud A1s

Affected ≤ 5.5.6.a1s

Vendor Lenovo

Product Personal Cloud T2

Affected ≤ 5.4.5.t2.2

Vendor Lenovo

Product Personal Cloud X1

Affected ≤ 5.4.7.x1.1

CVE-2026-6281

01Description

02Disclosure timeline

03References

04Related CVE