The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.

Project Subscriptions

Vendors Products
Xclarity Integrator For Microsoft Windows Admin Center Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update XClarity Integrator for Microsoft Windows Admin Center to version 5.2 or later.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Description The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
First Time appeared Lenovo
Lenovo xclarity Integrator For Microsoft Windows Admin Center
Weaknesses CWE-78
CPEs cpe:2.3:a:lenovo:xclarity_integrator_for_microsoft_windows_admin_center:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo xclarity Integrator For Microsoft Windows Admin Center
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-07-16T17:36:41.747Z

Reserved: 2026-07-01T19:52:49.119Z

Link: CVE-2026-14371

cve-icon Vulnrichment

Updated: 2026-07-16T17:36:04.435Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses