What is the CVSS score of CVE-2026-2036?

CVE-2026-2036 has a CVSS 3.0 base score of 8.8 (High). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.0%.

Which versions of Archiver are affected by CVE-2026-2036?

A critical remote code execution vulnerability (CVE-2026-2036) exists in GFI Archiver with no available patch, allowing attackers to execute arbitrary code on affected systems.

How to fix or mitigate CVE-2026-2036?

Within 24 hours: Identify all systems running GFI Archiver and isolate them from production networks if possible; disable remote access to affected systems and restrict network access to trusted sources only. Within 7 days: Implement network segmentation to limit lateral movement; deploy intrusion detection signatures for exploit attempts; escalate to GFI for patch timeline and emergency updates. Within 30 days: Evaluate alternative archiving solutions; prepare migration plan if patch remains unavailable; conduct incident response tabletop exercise focused on this vulnerability.

Archiver CVE-2026-2036

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-02-20 zdi-disclosures@trendmicro.com

RCE Deserialization Archiver

8.8

CVSS 3.0 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 23:16 nvd

HIGH 8.8

DescriptionCVE.org

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27936.

AnalysisAI

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Bypass authentication mechanism

Exploit

Send malicious serialized object to MArc.Store.Remoting.exe

Execution

Trigger unsafe deserialization

Impact

Execute arbitrary code remotely

Access

Bypass authentication mechanism

Exploit

Send malicious serialized object to MArc.Store.Remoting.exe

Execution

Trigger unsafe deserialization

Impact

Execute arbitrary code remotely

Vulnerability AssessmentAI

Exploitation	GFI Archiver with MArc.Store.Remoting.exe process active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to execute arbitrary code on affected installations of GFI Archiver.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running GFI Archiver and isolate them from production networks if possible; disable remote access to affected systems and restrict network access to trusted sources only. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2036 vulnerability details – vuln.today

Back

Archiver CVE-2026-2036

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code