CVE-2026-6282_CVE-2026-6282

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

AI Analysis

Improper file path validation vulnerability in Lenovo Personal Cloud Storage devices allowing remote authenticated users to move or access files belonging to other users

Basic Information

ID CVE-2026-6282

Source lenovo

Published May 13, 2026 at 14:15

Affected Product

Vendor Lenovo

Product Personal Cloud T2s

Affected Versions Lenovo Personal Cloud T2s 0
Lenovo Personal Cloud T2Pro 0
Lenovo Personal Cloud X1s 0
Lenovo Home Storage Hub T20 0
Lenovo Home Storage Hub X20 0
Lenovo Personal Cloud T1 0
Lenovo Personal Cloud A1 0
Lenovo Personal Cloud A1s 0
Lenovo Personal Cloud T2 0
Lenovo Personal Cloud X1 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Lenovo

Product Personal Cloud Storage

References

{
    "lastseen": "",
    "description": "A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.",
    "published": "2026-05-13T14:15:15.311Z",
    "modified": "2026-05-13T14:15:15.311Z",
    "type": "cve",
    "title": "CVE-2026-6282",
    "source": "lenovo",
    "references": "https://iknow.lenovo.com.cn/detail/440274\nhttps://pc.lenovo.com.cn/tips/Ann/t1_eol.html",
    "id": "CVE-2026-6282",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Lenovo Personal Cloud T2s 0\nLenovo Personal Cloud T2Pro 0\nLenovo Personal Cloud X1s 0\nLenovo Home Storage Hub T20 0\nLenovo Home Storage Hub X20 0\nLenovo Personal Cloud T1 0\nLenovo Personal Cloud A1 0\nLenovo Personal Cloud A1s 0\nLenovo Personal Cloud T2 0\nLenovo Personal Cloud X1 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Personal Cloud T2s",
    "version": "0",
    "vendor": "Lenovo",
    "ai_description": "Improper file path validation vulnerability in Lenovo Personal Cloud Storage devices allowing remote authenticated users to move or access files belonging to other users",
    "ai_severity": "High",
    "ai_vendor": "Lenovo",
    "ai_product": "Personal Cloud Storage",
    "ai_version": "0",
    "ai_score": 8.6
}