CVE-2026-2036
Deserialization RCE in GFI Archiver MArc.Store with Auth Bypass
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gfi | archiver | 15.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GFI Archiver's MArc.Store.Remoting.exe process due to improper validation of user-supplied data, which leads to deserialization of untrusted data.
An attacker can exploit this flaw to execute arbitrary code remotely on affected installations.
Although authentication is required, the existing authentication mechanism can be bypassed, allowing remote code execution in the context of the SYSTEM user.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code remotely with SYSTEM-level privileges on affected systems.
Such access can lead to full compromise of the affected system, including unauthorized access, data theft, data manipulation, or disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know