CVE-2026-3609

Summary

Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference to KVE 2023-5589 (https://krcert.or.kr)

Affected Software

VendorProductVersion RangeStatus
WellbiaXIGNCODE3 Anti-Cheat10.0.10011.16384affected

Weaknesses

  • CWE-269 Improper Privilege Management
  • CWE-732 Incorrect Permission Assignment for Critical Resource
  • CWE-284 Improper Access Control
  • CWE-266 Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References