Vulnerabilities

CVE-2026-27749 - Avira Internet Security System Speedup Insecure Deserialization

2026-03-05 0 views admin

CVE ID : CVE-2026-27749 Published : March 5, 2026, 3:16 p.m. | 17 minutes ago Description : Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-27749

Severity

HIGH

Published

March 5, 2026

Attack Vector: local

Impact: code execution

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-27749high

CVE-2026-27749 - Avira Internet Security System Speedup Insecure Deserialization

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1720 - WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Gener...

CVE-2026-27748 - Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

CVE-2025-69534 - Python-Markdown HTML Injection Denial of Service

CVE-2026-27750 - Avira Internet Security Optimizer TOCTOU

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting