Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only search-path hijack (AV:L) that is hard to win reliably (AC:H) and needs an existing low-priv account (PR:L); no scope change, full C/I/A impact on the host.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Local privilege/impact abuse in Tencent PC Manager 18.1.30242.301 stems from an uncontrolled search path (CWE-427) in the QMUDisk kernel driver library qmudisk64.sys, letting a low-privileged local user coerce loading of an attacker-controlled library to achieve high confidentiality, integrity, and availability impact. Publicly available exploit code exists (the 'qmukiller' proof-of-concept on GitHub), but exploitation is rated high-complexity/difficult and requires local access with existing low-level privileges. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to a Windows host running Tencent PC Manager 18.1.30242.301 with the QMUDisk Driver (qmudisk64.sys) component installed and active, plus an existing low-privileged account (PR:L) able to write an attacker-controlled library into a directory that appears in the driver/service's uncontrolled search path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/E:P, base 7.3) describes a locally-exploitable, high-complexity flaw needing low privileges but no user interaction, with full high impact to confidentiality, integrity, and availability and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local attacker who already has a low-privileged foothold on a Windows host running Tencent PC Manager plants a malicious library in a directory searched by the QMUDisk driver component before the legitimate path. When the privileged driver/service resolves and loads that library, the attacker's code executes in the elevated context, enabling privilege escalation or tampering with the security product. … |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted early but did not respond, so no fixed version exists to cite. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all endpoints running Tencent PC Manager 18.1.30242.301 and assess whether general users (beyond administrators) have local system access, which would amplify exploitation risk. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Pc Manager
View allSeveral services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named p
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to
Microsoft PC Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged attacker to bypass a security
Microsoft PC Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. Rat
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43256
GHSA-6pvh-5mc9-hm57