CVE-2026-3000
Published: 02 March 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-3000 is a remote code execution vulnerability in the IDExpert Windows Logon Agent developed by Changing. It allows unauthenticated remote attackers to force affected systems to download arbitrary DLL files from a remote source and execute them. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-494 (Download of Code Without Integrity Check). It was published on 2026-03-02.
Unauthenticated attackers with network access can exploit this vulnerability without user interaction or privileges. By leveraging the flaw, they can remotely trigger the download and execution of malicious DLLs, achieving full remote code execution on the target system with high confidentiality, integrity, and availability impacts.
Mitigation details are available in advisories from the vendor and related organizations, including Changing's announcement at https://www.changingtec.com/news_detail.jsp?item_id=348 and TWCERT reports at https://www.twcert.org.tw/en/cp-139-10741-daed4-2.html and https://www.twcert.org.tw/tw/cp-132-10740-b2eb2-1.html. Security practitioners should consult these references for patch information and remediation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote code execution by forcing download and execution of arbitrary DLLs in a network-accessible Windows service, directly mapping to exploitation of a public-facing application for initial access.