CVE-2026-6281

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-6281

Affected Products

Home Storage Hub T20

Home Storage Hub X20

Personal Cloud A1

Personal Cloud A1S

Personal Cloud T1

Personal Cloud T2

Personal Cloud T2Pro

Personal Cloud T2S

Personal Cloud X1

Personal Cloud X1S

CVE-2026-6281

Weakness Enumeration

Related Identifiers

Affected Products

References · 3