CVE-2026-0940

Improper BIOS Initialization Allowing Local Privilege Escalation on Lenovo ThinkPads

Description

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

INFO

Published Date :

2026-03-11T20:21:17.160Z

Last Modified :

2026-03-13T03:55:41.336Z

Source :

lenovo

AFFECTED PRODUCTS

The following products are affected by CVE-2026-0940 vulnerability.

Vendors	Products
Lenovo	Thinkpad P14s Gen 5 Bios Thinkpad P15v Gen 3 Bios Thinkpad P16v Gen 1 Bios Thinkpad T14 Gen 5 Bios Thinkpad Z13 Gen 1 Bios Thinkpad Z13 Gen 2 Bios Thinkpad Z16 Gen 1 Bios Thinkpad Z16 Gen 2 Bios

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0940.

URL	Resource
https://support.lenovo.com/us/en/product_security/LEN-213040

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact