XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
Summary
| CVE | CVE-2026-3609 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-11 18:16:33 UTC |
| Updated | 2026-05-12 14:15:46 UTC |
| Description | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference to KVE 2023-5589 (https://krcert.or.kr) |
Risk And Classification
Problem Types: CWE-269 Improper Privilege Management | CWE-732 Incorrect Permission Assignment for Critical Resource | CWE-284 Improper Access Control | CWE-266 Incorrect Privilege Assignment
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Wellbia | XIGNCODE3 Anti-Cheat | affected 10.0.10011.16384 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| crcert.or.kr | [email protected] | crcert.or.kr | |
| blacksnufkin.github.io/posts/AntiCheat-LPE-CVE-2026-3609 | [email protected] | blacksnufkin.github.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.