Description
A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-09
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Access Control
Action: Apply Patch
AI Analysis

Impact

The weakness is in the ZwTerminateProcess function of the QKSecureIO_Imp.sys Mini Filter Driver bundled with Qi‑ANXIN QAX Virus Removal. Manipulating the function locally leads to improper access controls (CWE‑266, CWE‑284). This flaw could let a local attacker terminate arbitrary processes or perform other privileged actions. The description states that the attack is restricted to local execution; from this it is inferred that exploitation requires running code on the system to manipulate or invoke ZwTerminateProcess.

Affected Systems

The problem affects the QKSecureIO_Imp.sys driver in all releases of the Qi‑ANXIN QAX Virus Removal suite up to the 2025‑10‑22 cutoff; no precise version numbers are supplied beyond that date.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that any user capable of executing code locally could exploit the flaw, potentially gaining privileged capabilities or disrupting system operation by terminating critical processes.

Generated by OpenCVE AI on April 16, 2026 at 10:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a vendor‑issued update that corrects the access‑control logic in QKSecureIO_Imp.sys once one is released.
  • If an update is not yet available, restrict local user privileges or disable the Qi‑ANXIN QAX Virus Removal service to prevent local code execution.
  • Monitor the system for abnormal process termination events or driver loads that could indicate exploitation attempts.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qianxin; Qianxin qax Internet Control Gateway
Weaknesses | | NVD-CWE-Other
CPEs | | cpe:2.3:a:qianxin:qax_internet_control_gateway:*:*:*:*:*:*:*:*
Vendors & Products | | Qianxin; Qianxin qax Internet Control Gateway

Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qi-anxin; Qi-anxin qax Virus Removal
Vendors & Products | | Qi-anxin; Qi-anxin qax Virus Removal

Mon, 09 Mar 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control
Weaknesses | | CWE-266; CWE-284
References | |
Metrics | | cvssV2_0: {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T20:20:47.492Z

Reserved: 2026-03-08T08:41:59.080Z

Link: CVE-2026-3796

Vulnrichment

Updated: 2026-03-10T20:20:43.372Z

NVD

Status: Analyzed

Published: 2026-03-09T04:15:58.877

Modified: 2026-03-10T18:48:25.113

Link: CVE-2026-3796

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z