Description
The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.
Published: 2026-03-09
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Arbitrary Code Execution
Action: Patch Immediately
AI Analysis

Impact

The Qsee Client installer for versions 1.0.1 and earlier loads dynamic link libraries from the current directory without proper validation. If a malicious DLL is placed beside the installer and the affected installer is executed, the loader will run the DLL with the administrative privileges that the installer possesses. This results in arbitrary code execution with elevated rights, allowing an attacker to perform any action the admin user can, including installing back‑doors, modifying system configuration, or compromising other accounts.

Affected Systems

The vulnerability affects the Qsee Client application released by Q‑See under the product name Qsee Client. Versions 1.0.1 and all earlier releases on Windows are impacted. The insecure DLL loading behavior exists in the installer payload executed during installation.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity flaw. The EPSS score of less than 1% suggests that while the vulnerability is serious, the current likelihood of exploitation is low. The flaw is not listed in the CISA KEV catalog. The attack requires local access to the installation environment to place a crafted DLL in the installer’s directory; an attacker can then launch the installer, triggering execution of the malicious code with administrator privileges. Because the requirement is only local installation, the risk is primarily for privileged users or systems where untrusted installers are run without monitoring.

Generated by OpenCVE AI on April 16, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Qsee Client to any release newer than 1.0.1, which removes the insecure DLL loading behavior.
  • When installing Qsee Client, ensure the installer runs under a non‑administrative account and that the installation directory contains only trusted files.
  • Use a whitelist or application control tool to restrict execution of DLLs within the installer directory to only those signed by Q‑See.

Generated by OpenCVE AI on April 16, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Q-see
Q-see qsee Client
CPEs cpe:2.3:a:q-see:qsee_client:*:*:*:*:*:windows:*:*
Vendors & Products Q-see
Q-see qsee Client

Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Qsee
Qsee qsee Client
Vendors & Products Qsee
Qsee qsee Client

Mon, 09 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Q-see Qsee Client
Qsee Qsee Client
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-09T20:53:13.759Z

Reserved: 2026-03-06T07:44:54.156Z

Link: CVE-2026-30896

cve-icon Vulnrichment

Updated: 2026-03-09T20:53:10.467Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-09T06:16:08.420

Modified: 2026-03-10T18:47:17.373

Link: CVE-2026-30896

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z

Weaknesses