Description
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
Published: 2026-04-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation via DLL Hijacking
Action: Immediate Patch
AI Analysis

Impact

A DLL hijacking flaw in Lenovo Service Bridge could let a local authenticated user load a malicious DLL and run code with elevated privileges. This flaw aligns with CWE-427, where an attacker manipulates the dynamic link library loading process to execute arbitrary code. The resulting elevation would allow the user to perform operations that normally require higher rights, potentially affecting system integrity and confidentiality.

Affected Systems

Lenovo Service Bridge on devices running versions earlier than 5.0.2.20 is affected. The software ships for a range of Lenovo systems and is typically used for remote management and diagnostic functions. Any such system on which a locally authenticated user can reach the vulnerable Service Bridge component is exposed.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, and because the vulnerability requires local authenticated access, the attack surface is limited. No EPSS score is available, and the flaw is not listed in CISA's KEV catalog, suggesting that widespread exploitation has not been reported. An attacker would first need to compromise a user account that can run Service Bridge, or otherwise influence the DLL loading path locally. While the risk is lower than that of a remotely exploitable flaw, the potential for privilege escalation warrants timely remediation.

Generated by OpenCVE AI on April 15, 2026 at 13:21 UTC.

Remediation

Vendor Solution

Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically.


OpenCVE Recommended Actions

  • Apply the Lenovo Service Bridge update to version 5.0.2.20 or later, which removes the DLL hijacking path.
  • Ensure that automatic updates for Service Bridge are enabled to receive security patches promptly.
  • Restrict local user accounts that have permission to execute Service Bridge, or disable the Service Bridge service if it is not required for operational purposes.



Advisories

No advisories yet.

History

Wed, 15 Apr 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 13:45:00 +0000

Type      Values Removed   Values Added
Title     (none)           Potential DLL Hijacking in Lenovo Service Bridge Enables Local Privilege Escalation

Wed, 15 Apr 2026 12:45:00 +0000

Type                  Values Removed   Values Added
Description           (none)           A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
First Time appeared   (none)           Lenovo; Lenovo service Bridge
Weaknesses            (none)           CWE-427
CPEs                  (none)           cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*
Vendors & Products    (none)           Lenovo; Lenovo service Bridge
References            (none)           (none)
Metrics               (none)           cvssV3_1 {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}
                                       cvssV4_0 {'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-04-16T03:55:27.379Z

Reserved: 2026-01-29T16:42:53.823Z

Link: CVE-2026-1636

Vulnrichment

Updated: 2026-04-15T13:34:39.132Z

NVD

Status: Awaiting Analysis

Published: 2026-04-15T13:16:24.170

Modified: 2026-04-17T15:09:46.880

Link: CVE-2026-1636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T13:38:28Z

Weaknesses