Description
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
Published: 2026-07-16
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Update XClarity Integrator for Microsoft Windows Admin Center to version 5.2 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
First Time appeared Lenovo
Lenovo xclarity Integrator For Microsoft Windows Admin Center
Weaknesses CWE-78
CPEs cpe:2.3:a:lenovo:xclarity_integrator_for_microsoft_windows_admin_center:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo xclarity Integrator For Microsoft Windows Admin Center
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Lenovo Xclarity Integrator For Microsoft Windows Admin Center
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:36:41.747Z

Reserved: 2026-07-01T19:52:49.119Z

Link: CVE-2026-14371

cve-icon Vulnrichment

Updated: 2026-07-16T17:36:04.435Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')