CVE-2026-3796

low-risk

Published 2026-03-09

A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Qax Internet Control Gateway

Affected Vendors

Qianxin

References (5)

Product https://github.com/cwjchoi01/FocusKiller

Product https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller

Permissions Required https://vuldb.com/?ctiid.349763

Third Party Advisory https://vuldb.com/?id.349763

Third Party Advisory https://vuldb.com/?submit.758991

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal