Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
Qsee Client installer can run malicious code with admin rights
CVE-2026-30896
Summary
The Qsee Client installer for versions 1.0.1 and earlier allows attackers to run malicious code with administrator privileges if they can trick users into placing a malicious file in the same directory and running the installer. This is a serious issue because it can be used to take control of a computer. Users should update to the latest version of Qsee Client to fix this problem.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| q-see | qsee_client | <= 1.0.1 | – |
Original title
The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affec...
Original description
The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege.
nvd CVSS3.0
7.8
nvd CVSS4.0
8.4
Vulnerability type
CWE-427
Uncontrolled Search Path Element
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026