CVE-2026-12214 - Vulnerability Details

- Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism

Description

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-06-15

Score: 8.5 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw was identified in Qihoo 360 Total Security version 6.0 that affects the RpcStringBindingComposeW routine within the Nucleus Engine Monitoring Logic component. Manipulating the NetworkAddr argument causes a failure in the component’s built‑in protection mechanism. The CVE description does not explicitly state that an attacker can gain direct code execution or privilege escalation; it indicates that the failure may allow an attacker to bypass established protection controls, potentially enabling unauthorized actions on the system.

Affected Systems

The vulnerability targets Qihoo 360 Total Security 6.0, specifically the Nucleus Engine Monitoring Logic module and its RpcStringBindingComposeW function. No other product versions are referenced in the current data.

Risk and Exploitability

The CVSS score of 8.5 places this defect in the high‑severity class. An exploit is publicly available and requires local access to the affected host. Although an EPSS estimate is not currently available, the combination of a high CVSS and a publicly released exploit elevates the threat level for environments where the software runs with elevated privileges or is used by trusted local users. The vulnerability is not listed in the CISA KEV catalog, but the local attack vector and high severity indicate that it warrants immediate attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qihoo

360 Total Security

affected

Version	Status	Constraints
`6.0`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑issued security patch or upgrade to a fixed version of Qihoo 360 Total Security that addresses the RpcStringBindingComposeW issue.
If a patch is not yet available, limit the execution of the Nucleus Engine Monitoring Logic component or disable it entirely to prevent the vulnerable function from being invoked.
Ensure local accounts that may interact with the software operate under the principle of least privilege and that strong authentication controls are in place, as the weakness relates to improper handling of authentication (CWE‑693).

Generated by OpenCVE AI on June 15, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Gach0ng/vuldb_submit/issues/4
https://vuldb.com/cve/CVE-2026-12214
https://vuldb.com/submit/833135
https://vuldb.com/vuln/370858
https://vuldb.com/vuln/370858/cti

History

Mon, 15 Jun 2026 04:15:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism
First Time appeared		Qihoo Qihoo 360 Total Security
Weaknesses		CWE-693
CPEs		cpe:2.3:a:qihoo:360_total_security::::::::
Vendors & Products		Qihoo Qihoo 360 Total Security
References		https://github.com/Gach0ng/vuldb_submit/issues/4 https://vuldb.com/cve/CVE-2026-12214 https://vuldb.com/submit/833135 https://vuldb.com/vuln/370858 https://vuldb.com/vuln/370858/cti
Metrics		cvssV2_0 `{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Qihoo 360 Total Security

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-15T03:30:08.471Z

Updated: 2026-06-15T03:30:08.471Z

Reserved: 2026-06-14T12:54:11.861Z

Link: CVE-2026-12214

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-15T04:16:25.957

Modified: 2026-06-15T04:16:25.957

Link: CVE-2026-12214

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T06:00:18Z

Weaknesses

CWE-693
Protection Mechanism Failure

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object