Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:L and PR:L align with local low-priv exploitation; impact held at Low across CIA consistent with CVSS 4.0 VC:L/VI:L/VA:L, despite conflicting exploit-title claim of privilege escalation.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component.
AnalysisAI
Improper access control in the diskbckp.sys kernel driver of QILING Disk Master 6.0.0.0 allows local low-privileged users to bypass authorization checks and interact with privileged kernel driver functionality. Tagged as an authentication bypass, the flaw resides in an unknown function within the kernel driver component, enabling manipulation of access control logic without elevated credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must have a local interactive or programmatic session (e.g., shell, RDP, or console access) on a Windows system with QILING Disk Master 6.0.0.0 installed and the diskbckp.sys kernel driver actively loaded and running as a service. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/E:P) scores 4.8, reflecting local exploitation by a low-privileged user with no attack requirements and a publicly available proof-of-concept. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A standard-privileged Windows user on a machine with QILING Disk Master 6.0.0.0 installed and the diskbckp.sys driver service running invokes a crafted IOCTL via the Windows DeviceIoControl API, bypassing the driver's access control checks without requiring administrative credentials. Using the publicly disclosed PoC documented at https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation, the attacker manipulates kernel-level operations to achieve privilege escalation or unauthorized disk backup manipulation. … |
| Remediation | The vendor has released a patched build available for download at https://www.idiskhome.com/download/beta/multi_DiskMaster_Pro_Trial.exe - users should upgrade immediately. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43198
GHSA-fv2q-hqcx-c836