Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud T2s | unaffected |
|
||||||
| Lenovo | Personal Cloud T2Pro | unaffected |
|
||||||
| Lenovo | Personal Cloud X1s | unaffected |
|
||||||
| Lenovo | Home Storage Hub T20 | unaffected |
|
||||||
| Lenovo | Home Storage Hub X20 | unaffected |
|
||||||
| Lenovo | Personal Cloud T1 | unaffected |
|
||||||
| Lenovo | Personal Cloud A1 | unaffected |
|
||||||
| Lenovo | Personal Cloud A1s | unaffected |
|
||||||
| Lenovo | Personal Cloud T2 | unaffected |
|
||||||
| Lenovo | Personal Cloud X1 | unaffected |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Home Storage Hub T20 | 100% |
|
||||||||
| Lenovo | Home Storage Hub X20 | 100% |
|
||||||||
| Lenovo | Personal Cloud A1 | 100% |
|
||||||||
| Lenovo | Personal Cloud A1s | 100% |
|
||||||||
| Lenovo | Personal Cloud T1 | 100% |
|
||||||||
| Lenovo | Personal Cloud T2 | 100% |
|
||||||||
| Lenovo | Personal Cloud T2pro | 100% |
|
||||||||
| Lenovo | Personal Cloud T2s | 100% |
|
||||||||
| Lenovo | Personal Cloud X1 | 100% |
|
||||||||
| Lenovo | Personal Cloud X1s | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Vendor Solution
Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 13 May 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 13 May 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Remote Authenticated Command Injection Allowing Arbitrary Code Execution on Lenovo Personal Cloud Devices |
Wed, 13 May 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | |
| First Time appeared |
Lenovo
Lenovo home Storage Hub T20 Lenovo home Storage Hub X20 Lenovo personal Cloud A1 Lenovo personal Cloud A1s Lenovo personal Cloud T1 Lenovo personal Cloud T2 Lenovo personal Cloud T2pro Lenovo personal Cloud T2s Lenovo personal Cloud X1 Lenovo personal Cloud X1s |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:lenovo:home_storage_hub_t20:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:home_storage_hub_x20:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_a1:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_a1s:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_t1:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_t2:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_t2pro:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_t2s:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_x1:*:*:*:*:*:*:*:* cpe:2.3:a:lenovo:personal_cloud_x1s:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Lenovo
Lenovo home Storage Hub T20 Lenovo home Storage Hub X20 Lenovo personal Cloud A1 Lenovo personal Cloud A1s Lenovo personal Cloud T1 Lenovo personal Cloud T2 Lenovo personal Cloud T2pro Lenovo personal Cloud T2s Lenovo personal Cloud X1 Lenovo personal Cloud X1s |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
MITRE
Status: PUBLISHED
Assigner: lenovo
Published:
Updated: 2026-05-13T18:26:58.040Z
Reserved: 2026-04-14T14:42:10.223Z
Link: CVE-2026-6281
Vulnrichment
Updated: 2026-05-13T18:26:48.567Z
NVD
Status : Awaiting Analysis
Published: 2026-05-13T16:17:01.773
Modified: 2026-05-13T16:27:11.127
Link: CVE-2026-6281
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-13T18:15:16Z