{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/tencent-pc-manager-18.1.30242.301/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7,"id":"CVE-2026-15515"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Tencent PC Manager (18.1.30242.301)"],"_cs_severities":["high"],"_cs_tags":["cve","vulnerability","privilege-escalation","windows"],"_cs_type":"advisory","_cs_vendors":["Tencent"],"content_html":"\u003cp\u003eA security vulnerability, identified as CVE-2026-15515, has been discovered in Tencent PC Manager version 18.1.30242.301. The flaw is specifically located within the \u003ccode\u003eqmudisk64.sys\u003c/code\u003e library, which is part of the QMUDisk Driver component. This vulnerability stems from an uncontrolled search path, which can lead to privilege escalation. Exploitation requires local user access and is considered to be of high complexity and difficult to achieve, although a public exploit has been disclosed, increasing the risk of its use. Despite early disclosure, the vendor did not respond, indicating a lack of official patch or guidance at the time of publication. This vulnerability poses a significant risk to affected systems as it could allow an attacker to execute malicious code with elevated system privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e An attacker first gains local, unprivileged access to a system running the vulnerable Tencent PC Manager.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerable Component Identification:\u003c/strong\u003e The attacker identifies that the \u003ccode\u003eqmudisk64.sys\u003c/code\u003e driver, part of the QMUDisk Driver component, is susceptible to an uncontrolled search path vulnerability during its operation or loading.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious DLL Placement:\u003c/strong\u003e The attacker crafts a malicious Dynamic Link Library (DLL) file and strategically places it in a directory that the vulnerable driver or its associated processes search before the legitimate location of required system DLLs.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTrigger Vulnerable Execution:\u003c/strong\u003e The attacker waits for or actively triggers the vulnerable Tencent PC Manager component or the operating system to load the QMUDisk Driver (\u003ccode\u003eqmudisk64.sys\u003c/code\u003e) or another component that depends on it.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDLL Hijacking/Sideloading:\u003c/strong\u003e Due to the uncontrolled search path, the legitimate process attempts to load a required DLL and, finding the attacker's malicious DLL first in its search path, loads and executes it instead.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e The malicious DLL executes arbitrary code within the context of the vulnerable driver, typically gaining SYSTEM-level privileges.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystem Compromise:\u003c/strong\u003e With elevated privileges, the attacker can perform further malicious actions, such as installing persistence mechanisms, deploying additional malware, exfiltrating sensitive data, or taking full control of the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15515 allows an attacker with local access to achieve privilege escalation, potentially leading to arbitrary code execution with SYSTEM privileges. This level of access grants the attacker full control over the compromised Windows system, enabling them to bypass security controls, steal sensitive information, install backdoors, or deploy further malicious payloads like ransomware. While the vulnerability requires local access and is considered difficult to exploit, the public disclosure of an exploit significantly lowers the barrier for motivated attackers. The CVSS v3.1 Base Score of 7.0 highlights a high impact on confidentiality, integrity, and availability once exploited.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15515 on all systems running Tencent PC Manager 18.1.30242.301 immediately if a patch becomes available.\u003c/li\u003e\n\u003cli\u003eRestrict local administrative privileges to prevent potential attackers from reaching the necessary access level to exploit this type of vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T01:18:23Z","date_published":"2026-07-13T01:18:23Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15515/","summary":"A high-severity uncontrolled search path vulnerability (CVE-2026-15515) in the `qmudisk64.sys` component of Tencent PC Manager 18.1.30242.301 allows a local attacker to execute arbitrary code with elevated privileges, despite high complexity and difficult exploitability, due to public exploit disclosure.","title":"Tencent PC Manager QMUDisk Driver Uncontrolled Search Path Vulnerability (CVE-2026-15515)","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15515/"}],"language":"en","title":"CraftedSignal Threat Feed - Tencent PC Manager (18.1.30242.301)","version":"https://jsonfeed.org/version/1.1"}