CVE-2026-30896

The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN11676807/	Third Party Advisory
https://www.q-see.com/pages/download	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:q-see:qsee_client:*:*:*:*:*:windows:*:*

History

10 Mar 2026, 18:47

Type	Values Removed	Values Added
Summary		(es) El instalador para las versiones 1.0.1 y anteriores de Qsee Cliente carga de forma insegura las Bibliotecas de Enlace Dinámico (DLLs). Cuando se le indica a un usuario que coloque alguna DLL maliciosa en el mismo directorio y ejecute el instalador afectado, entonces se puede ejecutar código arbitrario con el privilegio administrativo.
CPE		cpe:2.3:a:q-see:qsee_client::::::windows::*
References	~~() https://jvn.jp/en/jp/JVN11676807/ -~~	() https://jvn.jp/en/jp/JVN11676807/ - Third Party Advisory
References	~~() https://www.q-see.com/pages/download -~~	() https://www.q-see.com/pages/download - Product
First Time		Q-see qsee Client Q-see

09 Mar 2026, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-09 06:16

Updated : 2026-03-10 18:47

NVD link : CVE-2026-30896

Mitre link : CVE-2026-30896

CVE.ORG link : CVE-2026-30896

JSON object : View

Products Affected

q-see

qsee_client

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2026-30896", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-09T06:16:08.420", "references": [{"url": "https://jvn.jp/en/jp/JVN11676807/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.q-see.com/pages/download", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege."}, {"lang": "es", "value": "El instalador para las versiones 1.0.1 y anteriores de Qsee Cliente carga de forma insegura las Bibliotecas de Enlace Din\u00e1mico (DLLs). Cuando se le indica a un usuario que coloque alguna DLL maliciosa en el mismo directorio y ejecute el instalador afectado, entonces se puede ejecutar c\u00f3digo arbitrario con el privilegio administrativo."}], "lastModified": "2026-03-10T18:47:17.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:q-see:qsee_client:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E52EFB4E-DEBC-4771-A6AF-7D187786341B", "versionEndIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}