CVE-2026-6282: Path Traversal

Published May 13, 2026

Updated

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

Affected Software

1 affected component

Lenovo Lenovo Personal Cloud Storage

Remediation

Information

Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274

Event History

May 13, 2026

CVE Published

via MITRE·02:15 PM

Data Sourced

via MITRE·02:15 PM

RemedyDescriptionSeverityWeakness

Data Sourced

via NVD·04:17 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2026-6282?

CVE-2026-6282 is classified as a moderate severity vulnerability due to its potential impact on user data privacy.

How do I fix CVE-2026-6282?

To fix CVE-2026-6282, ensure that your Lenovo Personal Cloud Storage device is updated with the latest firmware release provided by Lenovo.

Who is affected by CVE-2026-6282?

Users of Lenovo Personal Cloud Storage devices are affected by CVE-2026-6282, particularly those with improperly validated file paths.

What kind of attack does CVE-2026-6282 allow?

CVE-2026-6282 could allow a remote authenticated user to manipulate file access, potentially leading to unauthorized access to other users' files.

Is CVE-2026-6282 exploited in the wild?

As of now, there have been no public reports indicating that CVE-2026-6282 is actively being exploited in the wild.