{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30896", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-06T07:44:54.156Z", "datePublished": "2026-03-09T05:01:16.202Z", "dateUpdated": "2026-03-09T20:53:13.759Z"}, "containers": {"cna": {"affected": [{"vendor": "Qsee", "product": "Qsee Client", "versions": [{"version": "1.0.1 and prior", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en-US", "cweId": "CWE-427", "type": "CWE"}]}], "references": [{"url": "https://www.q-see.com/pages/download"}, {"url": "https://jvn.jp/en/jp/JVN11676807/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-09T05:01:16.202Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T20:53:00.503312Z", "id": "CVE-2026-30896", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T20:53:13.759Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-09T20:53:00.503312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T20:53:10.467Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Qsee", "product": "Qsee Client", "versions": [{"status": "affected", "version": "1.0.1 and prior"}]}], "references": [{"url": "https://www.q-see.com/pages/download"}, {"url": "https://jvn.jp/en/jp/JVN11676807/"}], "descriptions": [{"lang": "en", "value": "The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-09T05:01:16.202Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30896", "state": "PUBLISHED", "dateUpdated": "2026-03-09T20:53:13.759Z", "dateReserved": "2026-03-06T07:44:54.156Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-09T05:01:16.202Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:q-see:qsee_client:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E52EFB4E-DEBC-4771-A6AF-7D187786341B", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege."}, {"lang": "es", "value": "El instalador para las versiones 1.0.1 y anteriores de Qsee Cliente carga de forma insegura las Bibliotecas de Enlace Din\u00e1mico (DLLs). Cuando se le indica a un usuario que coloque alguna DLL maliciosa en el mismo directorio y ejecute el instalador afectado, entonces se puede ejecutar c\u00f3digo arbitrario con el privilegio administrativo."}], "id": "CVE-2026-30896", "lastModified": "2026-03-10T18:47:17.373", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-09T06:16:08.420", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN11676807/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.q-see.com/pages/download"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Qsee Client", "source": "cna", "vendor": "Qsee"}, "product": "qsee_client", "vendor": "qsee"}], "analysis": {"en": {"generated_at": "2026-04-16T10:21:38.122493+00:00", "value": {"mitigation_remediation": ["Upgrade Qsee Client to any release newer than 1.0.1, which removes the insecure DLL loading behavior.", "When installing Qsee Client, ensure the installer runs under a non\u2011administrative account and that the installation directory contains only trusted files.", "Use a whitelist or application control tool to restrict execution of DLLs within the installer directory to only those signed by Q\u2011See."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation via Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Qsee Client application released by Q\u2011See under the product name Qsee Client. Versions 1.0.1 and all earlier releases on Windows are impacted. The insecure DLL loading behavior exists in the installer payload executed during installation.", "description_and_impact": "The Qsee Client installer for versions 1.0.1 and earlier loads dynamic link libraries from the current directory without proper validation. If a malicious DLL is placed beside the installer and the affected installer is executed, the loader will run the DLL with the administrative privileges that the installer possesses. This results in arbitrary code execution with elevated rights, allowing an attacker to perform any action the admin user can, including installing back\u2011doors, modifying system configuration, or compromising other accounts.", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity flaw. The EPSS score of less than 1% suggests that while the vulnerability is serious, the current likelihood of exploitation is low. The flaw is not listed in the CISA KEV catalog. The attack requires local access to the installation environment to place a crafted DLL in the installer\u2019s directory; an attacker can then launch the installer, triggering execution of the malicious code with administrator privileges. Because the requirement is only local installation, the risk is primarily for privileged users or systems where untrusted installers are run without monitoring."}}}}, "created": "2026-03-10T14:10:20.094174+00:00", "updated": "2026-04-16T10:30:16.170568+00:00", "vendors": ["qsee", "qsee$PRODUCT$qsee_client"]}