Primary

Context

Lenovo Vantage SmartPerformanceAddin Improper Link Following Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A vulnerability has been identified in the SmartPerformanceAddin for Lenovo Vantage, where improper link following could enable an authenticated local user to delete arbitrary files with elevated privileges. This issue has been classified as a medium-severity denial-of-service vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of files, potentially causing disruption or loss of data.

Remediation

Users are advised to update the Vantage SmartPerformanceAddin to version 1.1.0.1111 or later. This add-in is automatically updated by Lenovo Vantage. For manual update instructions, visit the Lenovo Drivers & Software support site for your product.

Added: Jan 14, 2026, 11:22 PM

Updated: Jan 14, 2026, 11:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.3

remediation

0.0

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.3

remediation

0.0

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lenovo Vantage SmartPerformanceAddin Improper Link Following Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating