CVE-2026-3796

MEDIUM

Qi-ANXIN QAX Virus Removal - Privilege Escalation

Title source: llm

Description

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC

by cwjchoi01 · poc

https://github.com/cwjchoi01/CVE-2026-3796

View Code ZIP pw:eip

References (5)

[Various Sources] https://github.com/cwjchoi01/FocusKiller

View Writeup ZIP pw:eip

[Third Party Advisory] https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349763

[Permissions Required, VDB Entry] https://vuldb.com/?id.349763

[Permissions Required, VDB Entry] https://vuldb.com/?submit.758991

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-284 CWE-266

Status published

Products (1)

qianxin/qax_internet_control_gateway < 2025-10-22

Published Mar 09, 2026

Tracked Since Mar 09, 2026