Home

Description

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-03-08 | Published 2026-03-09 | Updated 2026-03-10 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Improper Access Controls

Incorrect Privilege Assignment

Product status

2025-10-22
affected

Timeline

2026-03-08:Advisory disclosed
2026-03-08:VulDB entry created
2026-03-08:VulDB entry last update

Credits

jonathan126 (VulDB User) reporter

VulDB coordinator

References

vuldb.com/?id.349763 (VDB-349763 | Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control) vdb-entry technical-description

vuldb.com/?ctiid.349763 (VDB-349763 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.758991 (Submit #758991 | Qi-ANXIN QAX Virus Removal Version 2025.10.22 and earlier Improper Access Controls) third-party-advisory

github.com/cwjchoi01/FocusKiller related

github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller exploit

cve.org (CVE-2026-3796)

nvd.nist.gov (CVE-2026-3796)

Download JSON