RCE in Lenovo Xclarity Integrator For Microsoft Windows Admin Center
CVE-2026-14371
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- Lenovo Xclarity Integrator For Microsoft Windows Admin Center — versions 4.7.1
Weakness classification (CWE)
References
- psirt@lenovo.com (vendor-advisory)