Skip to main content

360 Total Security CVE-2026-12214

| EUVDEUVD-2026-36688 HIGH
Protection Mechanism Failure (CWE-693)
2026-06-15 cna@vuldb.com GHSA-9r2r-c24c-x9g4
7.1
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local attack on Windows endpoint requires a low-privileged account to invoke the vulnerable RPC call (AV:L, PR:L, AC:L, UI:N); bypassing AV self-protection yields high C/I/A on the host with no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 04:31 vuln.today

DescriptionCVE.org

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Protection mechanism failure in Qihoo 360 Total Security 6.0 allows a locally authenticated attacker to bypass the Nucleus Engine Monitoring Logic by manipulating the NetworkAddr argument to the RpcStringBindingComposeW function. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving users on 6.0 without an official remediation path. EPSS data is not provided and the issue is not in CISA KEV, but the public PoC raises the practical risk for endpoints running this version.

Technical ContextAI

360 Total Security is a Windows endpoint security suite from Qihoo 360 that includes a 'Nucleus' scanning/monitoring engine running with elevated privileges. The flaw sits in how that component calls the Windows RPC runtime helper RpcStringBindingComposeW, where the NetworkAddr argument is not properly constrained, enabling a protection-mechanism bypass classified under CWE-693 (Protection Mechanism Failure). RpcStringBindingComposeW assembles an RPC string binding (protocol, address, endpoint, options) used to reach a server; if a local process can influence NetworkAddr, the security product can be coerced into binding to an attacker-chosen endpoint, undermining the integrity of its own self-protection or monitoring channel. No CPE strings were supplied beyond the textual identifier 'Qihoo 360 Total Security 6.0'.

RemediationAI

No vendor-released patch identified at time of analysis - Qihoo 360 did not respond to the disclosure, so defenders should monitor https://vuldb.com/vuln/370858 and the Qihoo 360 product update channel for a future fixed build of 360 Total Security beyond 6.0 and upgrade as soon as one is published. As compensating controls on endpoints still running 6.0, restrict local user accounts to standard (non-administrator) privileges to reduce the population of users who can run the local PoC, enable Windows attack-surface-reduction rules and AppLocker/WDAC policies to block execution of unknown binaries that could invoke the vulnerable RPC path, and, if feasible in your environment, replace 360 Total Security with an alternative endpoint protection product - the trade-off being loss of any 360-specific features and re-tuning of detection baselines. Avoid relying on the product's own self-protection as a control here, since this issue specifically targets that self-protection layer.

Share

CVE-2026-12214 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy