Description
Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS.
Cross reference to KVE 2023-5589 (https://krcert.or.kr)
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Wellbia's XIGNCODE3 kernel driver, xhunter1.sys. It exposes the IRP_MJ_REITS command interface, allowing any user‑process to request PROCESS_ALL_ACCESS. When granted, the process receives full control of the system kernel, effectively giving it root privileges. This flaw permits an attacker to escape normal user isolation and execute arbitrary code with system authority.

Affected Systems

The affected product is Wellbia XIGNCODE3 Anti‑Cheat. No specific versions are listed in the CNA data, so all releases employing the xhunter1.sys driver are potentially vulnerable.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable, but the vulnerability clearly enables local privilege escalation, which is a severe risk. It is not currently listed in the CISA KEV catalog. The likely attack vector is a local user process that can be leveraged to target the driver’s command interface; no evidence that remote exploitation is possible is given in the CVE text. The attacker would gain PROCESS_ALL_ACCESS, effectively full system control.

Generated by OpenCVE AI on May 11, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wellbia XIGNCODE3 to the latest version once the vendor releases a patch that removes the exposed IRP_MJ_REITS interface.
  • If a patch is not yet available, uninstall or disable the xhunter1.sys kernel driver to eliminate the vulnerable entry point.
  • Enforce mandatory driver signing and restrict the loading of unsigned or unapproved drivers to prevent reinstallation of the vulnerable module.
  • Review driver access control enforcement to ensure only privileged processes can issue IRP_MJ_REITS commands.

Generated by OpenCVE AI on May 11, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Wellbia
Wellbia xigncode3 Anti-cheat
Vendors & Products Wellbia
Wellbia xigncode3 Anti-cheat

Mon, 11 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-732

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference to KVE 2023-5589 (https://krcert.or.kr)
Title XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
References

Subscriptions

Wellbia Xigncode3 Anti-cheat
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-05-11T16:25:24.769Z

Reserved: 2026-03-05T17:54:52.283Z

Link: CVE-2026-3609

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-11T18:16:33.560

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-3609

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T09:22:53Z

Weaknesses