What is the CVSS score of CVE-2026-27749?

CVE-2026-27749 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Internet Security are affected by CVE-2026-27749?

Avira Internet Security users face a high-severity vulnerability in the System Speedup component that could allow attackers to execute arbitrary code through malicious data.

How to fix or mitigate CVE-2026-27749?

Within 24 hours: Identify all systems running Avira Internet Security and document System Speedup component versions. Within 7 days: Implement network segmentation to restrict lateral movement and disable the System Speedup component if business-critical functionality permits. Within 30 days: Evaluate alternative endpoint security solutions and develop migration plan; monitor Avira security advisories for patch availability.

Internet Security CVE-2026-27749

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-03-05 disclosure@vulncheck.com

Deserialization RCE Internet Security

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 15:16 nvd

HIGH 7.8

DescriptionCVE.org

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.

AnalysisAI

Arbitrary code execution as SYSTEM in Avira Internet Security's System Speedup component occurs when the privileged RealTimeOptimizer.exe process deserializes untrusted .NET binary data from a world-writable ProgramData location without validation. A local attacker can craft a malicious serialized payload to achieve immediate privilege escalation and full system compromise. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Create malicious serialized payload

Exploit

Place payload in C:\ProgramData directory

Execution

Avira.SystemSpeedup.RealTimeOptimizer.exe deserializes untrusted data

Impact

Execute arbitrary code as SYSTEM

Access

Create malicious serialized payload

Exploit

Place payload in C:\ProgramData directory

Execution

Avira.SystemSpeedup.RealTimeOptimizer.exe deserializes untrusted data

Impact

Execute arbitrary code as SYSTEM

Vulnerability AssessmentAI

Exploitation	Local user account required to write to C:\ProgramData directory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this flaw, arbitrary code execution as SYSTEM.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Avira Internet Security and document System Speedup component versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-27749 vulnerability details – vuln.today

Back

Internet Security CVE-2026-27749

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code