CVE-2026-3796

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/cwjchoi01/FocusKiller	Product
https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller	Product
https://vuldb.com/?ctiid.349763	Permissions Required VDB Entry
https://vuldb.com/?id.349763	Third Party Advisory VDB Entry
https://vuldb.com/?submit.758991	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:qianxin:qax_internet_control_gateway:*:*:*:*:*:*:*:*

History

10 Mar 2026, 18:48

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
Summary		(es) Se ha identificado una debilidad en Qi-ANXIN QAX Virus Removal hasta el 22-10-2025. El elemento afectado es la función ZwTerminateProcess en la biblioteca QKSecureIO_Imp.sys del componente Mini Filter Driver. La ejecución de una manipulación puede llevar a controles de acceso impropios. El ataque está restringido a ejecución local. El exploit se ha puesto a disposición del público y podría ser utilizado para ataques. Se contactó al proveedor temprano sobre esta divulgación, pero no respondió de ninguna manera.
References	~~() https://github.com/cwjchoi01/FocusKiller -~~	() https://github.com/cwjchoi01/FocusKiller - Product
References	~~() https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller -~~	() https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller - Product
References	~~() https://vuldb.com/?ctiid.349763 -~~	() https://vuldb.com/?ctiid.349763 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.349763 -~~	() https://vuldb.com/?id.349763 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.758991 -~~	() https://vuldb.com/?submit.758991 - Third Party Advisory, VDB Entry
First Time		Qianxin Qianxin qax Internet Control Gateway
CPE		cpe:2.3:a:qianxin:qax_internet_control_gateway::::::::

09 Mar 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-09 04:15

Updated : 2026-03-10 18:48

NVD link : CVE-2026-3796

Mitre link : CVE-2026-3796

CVE.ORG link : CVE-2026-3796

JSON object : View

Products Affected

qianxin

qax_internet_control_gateway

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

NVD-CWE-Other

5.3 /10