Security Advisories

Software vulnerabilities found in Qualys' products.

Responsible Disclosure

"Qualys is committed to collaboration with security researchers as a way to ensure the security of our products."

Jonathan Trull, CISO

Read the Qualys Responsible Disclosure Policy

This page contains information regarding security vulnerabilities that may impact Qualys' products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Qualys strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner.

Report a vulnerability

If you believe you've found a security issue in one of our products or services, please send it to us at [email protected] along with your contact details and include the following in your report:

  • Issue Description

    A description of the issue and where it is located along with screenshots.

  • Steps to Reproduce

    A description of the steps required to reproduce the issue.

  • Proof of Concept

    A working proof of concept.

Read our responsible disclosure policy.

  • Nov 11, 2025

    Local Privilege Escalation using qagent_uninstall.sh on Cloud Agent

    Read the advisory
  • Jan 10, 2024

    Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance

    Read the advisory
  • Jan 10, 2024

    Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance

    Read the advisory
  • Jan 10, 2024

    Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security

    Read the advisory
  • Dec 08, 2023

    Stored XSS Vulnerability in QualysGuard VM/PC

    Read the advisory
  • Sep 08, 2023

    Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier

    Read the advisory
  • Apr 18, 2023

    Possible Executable Hijacking of Qualys Cloud Agent for Windows prior to 4.5.3.1 [CVE-2023-28140]

    Read the advisory
  • Apr 18, 2023

    Possible NTFS Junction Exploitation on Qualys Cloud Agent for Windows prior to 4.8.0.31 [CVE-2023-28141]

    Read the advisory
  • Apr 18, 2023

    Possible Qualys Cloud Agent for Windows Race Condition Exploitation prior to 4.5.3.1 [CVE-2023-28142]

    Read the advisory
  • Apr 18, 2023

    Possible Local Privilege Escalation of Qualys Cloud Agent for Mac prior to 3.7 [CVE-2023-28143]

    Read the advisory
  • Aug 15, 2022

    Possible local privilege escalation for Qualys Cloud Agent for Linux with Manifest versions prior to 2.5.548.2

    Read the advisory
  • Aug 15, 2022

    Possible local information disclosure for Qualys Cloud Agent for Linux when logging level set to trace

    Read the advisory
  • View vulnerabilities in other products found by Qualys engineers.