CVE-2026-0421 — MEDIUM (6.5)

Vulnerability Description

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-252

References

https://support.lenovo.com/us/en/product_security/LEN-210688

FAQ

What is CVE-2026-0421?

CVE-2026-0421 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in t...

How severe is CVE-2026-0421?

CVE-2026-0421 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0421?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.