← Back
2026-03-09 5:1CVE-2026-30896jpcert
PUBLISHED5.2CWE-427

The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.

Problem type

Affected products

Qsee

Qsee Client

1.0.1 and prior - AFFECTED

References

q-see.com

https://www.q-see.com/pages/download

jvn.jp

https://jvn.jp/en/jp/JVN11676807/

GitHub Security Advisories

GHSA-gww4-6rrf-6f3g

The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries ...

https://github.com/advisories/GHSA-gww4-6rrf-6f3g

The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-30896

jvn.jp

https://jvn.jp/en/jp/JVN11676807

q-see.com

https://www.q-see.com/pages/download

github.com

https://github.com/advisories/GHSA-gww4-6rrf-6f3g

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-30896
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-30896",
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "dateUpdated": "2026-03-09T05:01:16.202Z",
    "dateReserved": "2026-03-06T07:44:54.156Z",
    "datePublished": "2026-03-09T05:01:16.202Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert",
        "dateUpdated": "2026-03-09T05:01:16.202Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege."
        }
      ],
      "affected": [
        {
          "vendor": "Qsee",
          "product": "Qsee Client",
          "versions": [
            {
              "version": "1.0.1 and prior",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en-US",
              "description": "Uncontrolled Search Path Element",
              "cweId": "CWE-427",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.q-see.com/pages/download"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN11676807/"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ],
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 7.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ]
    }
  }
}