{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1636", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2026-01-29T16:42:53.823Z", "datePublished": "2026-04-15T12:27:54.562Z", "dateUpdated": "2026-04-15T13:34:44.767Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Service Bridge", "vendor": "Lenovo", "versions": [{"lessThan": "5.0.2.20", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.0.2.20", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."}], "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-04-15T12:27:54.562Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-211071"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically. <br>"}], "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.3.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T13:12:28.111280Z", "id": "CVE-2026-1636", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:34:44.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1636", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T13:12:28.111280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:34:39.132Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "Service Bridge", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.2.20", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically. <br>", "base64": false}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-211071"}], "x_generator": {"engine": "Vulnogram 0.3.0"}, "descriptions": [{"lang": "en", "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.", "supportingMedia": [{"type": "text/html", "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.0.2.20", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-04-15T12:27:54.562Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1636", "state": "PUBLISHED", "dateUpdated": "2026-04-15T13:34:44.767Z", "dateReserved": "2026-01-29T16:42:53.823Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2026-04-15T12:27:54.562Z", "assignerShortName": "lenovo"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."}], "id": "CVE-2026-1636", "lastModified": "2026-04-15T13:16:24.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2026-04-15T13:16:24.170", "references": [{"source": "psirt@lenovo.com", "url": "https://support.lenovo.com/us/en/product_security/LEN-211071"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.0.2.20)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Service Bridge", "source": "cna", "vendor": "Lenovo"}, "product": "service_bridge", "vendor": "lenovo"}], "analysis": {"en": {"generated_at": "2026-04-15T13:21:19.342415+00:00", "value": {"mitigation_remediation": ["Apply the Lenovo Service Bridge update to version 5.0.2.20 or later, which removes the DLL hijacking path.", "Ensure that automatic updates for Service Bridge are enabled to receive security patches promptly.", "Restrict local user accounts that have permission to execute Service Bridge, or disable the Service Bridge service if it is not required for operational purposes."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation via DLL Hijacking"}, "threat_synthesis": {"affected_systems": "Lenovo Service Bridge on devices running versions earlier than 5.0.2.20 is affected. The product is available for a range of Lenovo systems that utilize the Service Bridge software, typically for remote management and diagnostic functions. All users who can obtain local authentication on these systems with access to the vulnerable Service Bridge component are at risk.", "description_and_impact": "A DLL hijacking flaw in Lenovo Service Bridge could let a local authenticated user load a malicious DLL and run code with elevated privileges. This flaw aligns with CWE-427, where an attacker manipulates the dynamic link library loading process to execute arbitrary code. The resulting elevation would allow the user to perform operations that normally require higher rights, potentially affecting system integrity and confidentiality.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate severity, and the vulnerability requires local authenticated access, limiting the attack surface. No EPSS score is available, and the flaw is not listed in CISA's KEV catalog, suggesting that widespread exploitation has not been reported. Attackers would need to compromise a user account that can run Service Bridge or manipulate the DLL loading path locally. While the risk is not as high as remote attacks, the potential for privilege escalation warrants timely remediation."}}}}, "created": "2026-04-15T13:38:17.783698+00:00", "title": "Potential DLL Hijacking in Lenovo Service Bridge Enables Local Privilege Escalation", "updated": "2026-04-15T13:38:28.752417+00:00", "vendors": ["lenovo", "lenovo$PRODUCT$service_bridge"]}