PT-2026-24004 · Qi Anxin · Qksecureio Imp.Sys+1
Jonathan126
+1
·
Published
2026-03-09
·
Updated
2026-03-10
·
CVE-2026-3796
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Qi-ANXIN QAX Virus Removal versions prior to 2025-10-23
Description
A weakness exists in Qi-ANXIN QAX Virus Removal. The issue is related to improper access controls that can be triggered by manipulating the
ZwTerminateProcess function within the QKSecureIO Imp.sys library of the Mini Filter Driver component. The attack is limited to local execution. An exploit for this issue has been publicly released and could be used for attacks. The vendor was informed of this issue but did not provide a response.Recommendations
Versions prior to 2025-10-23 should be updated. As a temporary workaround, consider restricting access to the
QKSecureIO Imp.sys library to minimize the risk of exploitation.Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qksecureio Imp.Sys
Qi-Anxin Qax Virus Removal