CVE-2026-10590

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.

Credits

Lenovo thanks 0xiviel/Eva Crystal (XSource Security) for reporting this vulnerability.

References