Platform: windows
Component: lenovo-software-fix
Fixed in: 7.5.5.19
CVE-2026-4134 describes a privilege escalation vulnerability discovered in Lenovo Software Fix. This flaw allows a local, authenticated user to execute code with elevated privileges during the installation process, potentially leading to unauthorized system access and control. The vulnerability affects versions from 0.0.0 up to and including 7.5.5.19. A fix is available in version 7.5.5.19.
Successful exploitation of CVE-2026-4134 could allow an attacker with local access and authentication to gain significantly elevated privileges on a system running a vulnerable Lenovo Software Fix. This could enable them to install malicious software, modify system configurations, steal sensitive data, or take complete control of the compromised machine. The impact is particularly severe because it bypasses standard user-level restrictions, granting the attacker administrative-level access. Although the vulnerability requires local access, that access could be obtained physically or through another vulnerability that provides an initial foothold.
CVE-2026-4134 was published on 2026-04-15. The EPSS score is pending evaluation. No public proof-of-concept (PoC) code is currently known. It is not listed on the CISA KEV catalog as of this writing. Given the nature of privilege escalation vulnerabilities, it is prudent to assume potential for exploitation once a PoC becomes available.
Exploit Status
EPSS: 0.01% (3rd percentile)
CISA SSVC: (not listed on this page)
CVSS Vector: (not listed on this page)
The primary mitigation for CVE-2026-4134 is to upgrade Lenovo Software Fix to version 7.5.5.19 or later. If immediate upgrade is not possible due to compatibility issues or system downtime constraints, consider restricting user privileges to minimize the potential impact of a successful exploit. While a direct workaround is unavailable, ensuring robust user account controls and monitoring installation processes can help detect and prevent unauthorized activity. After upgrading, verify the installation completed successfully and that the software version reflects the updated release.
Update Lenovo Software Fix to version 7.5.5.19 or later to mitigate the vulnerability. Download the update from the Lenovo support website or through Lenovo Vantage. Ensure the software is updated to prevent the execution of unauthorized code with elevated privileges.
CVE-2026-4134 is a HIGH severity vulnerability affecting Lenovo Software Fix versions 0.0.0 through 7.5.5.19, allowing a local authenticated user to execute code with elevated privileges during installation.
If you are using Lenovo Software Fix versions 0.0.0 through 7.5.5.19, you are potentially affected by this vulnerability. Check your installed version and upgrade accordingly.
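The version check recommended above, as an added example that is not part of the advisory or Lenovo's own tooling: it reads both Uninstall registry hives and flags any Lenovo Software Fix install whose version is below the fixed release. The DisplayName pattern 'Lenovo Software Fix' is an assumption about how the product registers itself; adjust it if your systems show a different name.

```powershell
# Added example (not from the advisory). Enumerates installed programs from the
# 64-bit and 32-bit Uninstall hives and flags Lenovo Software Fix versions that
# are below the fixed release named in the advisory.
# Caveat: the advisory text lists 7.5.5.19 both as the last affected version and
# as the fixed release; this check follows the "upgrade to 7.5.5.19 or later"
# guidance and treats 7.5.5.19 as fixed. Confirm against Lenovo's advisory.
$FixedVersion = [version]'7.5.5.19'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-LenovoSoftwareFixVersion {
    param([string[]]$Paths = $UninstallKeys, [version]$Fixed = $FixedVersion)

    # DisplayName match is an assumption about the product's registry entry.
    $results = foreach ($entry in Get-ItemProperty -Path $Paths -ErrorAction SilentlyContinue) {
        if ($entry.DisplayName -notlike '*Lenovo Software Fix*') { continue }

        # DisplayVersion is free text; keep only the dotted numeric part so a
        # value such as '7.5.5.19 (x64)' still parses as a System.Version.
        $raw    = [string]$entry.DisplayVersion
        $match  = [regex]::Match($raw, '\d+(\.\d+){1,3}')
        $parsed = if ($match.Success) { [version]$match.Value } else { $null }

        [pscustomobject]@{
            DisplayName    = $entry.DisplayName
            DisplayVersion = $raw
            Parsed         = $parsed
            # An unparseable version is reported as needing review, not ignored.
            NeedsUpgrade   = ($null -eq $parsed) -or ($parsed -lt $Fixed)
            Source         = $entry.PSPath
        }
    }
    return $results
}

$findings = Test-LenovoSoftwareFixVersion
if (-not $findings) {
    Write-Output 'Lenovo Software Fix not found in the Uninstall registry keys.'
} else {
    $findings | Format-Table DisplayName, DisplayVersion, NeedsUpgrade -AutoSize
}
```

Run it from an elevated PowerShell session on each endpoint (or wrap it in your endpoint management tool) and treat any row with NeedsUpgrade set to True as requiring the update.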
Upgrade Lenovo Software Fix to version 7.5.5.19 or later to remediate the vulnerability. If immediate upgrade is not possible, restrict user privileges.
As of the current date, there is no confirmed active exploitation of CVE-2026-4134, but it's prudent to apply the patch proactively.
Refer to the official Lenovo Software Fix security advisory for detailed information and updates regarding CVE-2026-4134.