Platform: linux
Component: lenovo-software-fix
Fixed in: 7.5.5.19
CVE-2026-4145 describes a vulnerability in Lenovo Software Fix that could allow an attacker to execute arbitrary code with elevated privileges. This flaw stems from an internal security assessment and impacts versions from 0.0.0 up to and including 7.5.5.19. A fix is available in version 7.5.5.19, and users are strongly advised to upgrade.
Successful exploitation of CVE-2026-4145 allows a local, authenticated attacker to execute arbitrary code with elevated privileges on the affected system. This means the attacker could potentially gain complete control over the system, install malware, steal sensitive data, or modify system configurations. The elevated privileges significantly broaden the scope of potential damage, allowing the attacker to bypass standard security controls and access resources normally protected. The impact is particularly severe in environments where Lenovo Software Fix is used for critical system management or automation tasks.
CVE-2026-4145 was disclosed on 2026-04-15. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's impact is considered high due to the potential for arbitrary code execution with elevated privileges. It is not currently listed on the CISA KEV catalog, and no active exploitation campaigns have been reported. Monitor security advisories and threat intelligence feeds for any updates.
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-4145 is to upgrade Lenovo Software Fix to version 7.5.5.19 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing stricter access controls to limit the number of authenticated users with access to the vulnerable component. While a direct workaround is not available, reviewing and hardening existing privilege management policies can reduce the potential impact of a successful exploit. After upgrading, verify the fix by attempting to trigger the vulnerable code path and confirming that it is no longer exploitable.
Update Lenovo Software Fix to version 7.5.5.19 or later to mitigate the arbitrary code execution vulnerability. See the Lenovo security page (https://support.lenovo.com/us/en/product_security/LEN-213829) for detailed instructions and download links.
CVE-2026-4145 is a HIGH severity vulnerability affecting Lenovo Software Fix versions 0.0.0 through 7.5.5.19. It allows a local authenticated user to execute arbitrary code with elevated privileges.
You are affected if you are using Lenovo Software Fix versions 0.0.0 through 7.5.5.19. Check your installed version and upgrade if necessary.
Upgrade Lenovo Software Fix to version 7.5.5.19 or later. If an immediate upgrade is not possible, implement stricter access controls.
Currently, there are no publicly available proof-of-concept exploits or reports of active exploitation, but vigilance is advised.
Refer to the official Lenovo Security Vulnerability Updates page for the latest information and the advisory related to CVE-2026-4145.