Archiver

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-2039 CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Store missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-2038 CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Core missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-2037 HIGH This Week

Unsafe deserialization in GFI Archiver's MArc.Core.Remoting service (port 8017) enables authenticated remote attackers to achieve unauthenticated remote code execution with SYSTEM privileges, despite the authentication requirement being bypassable. The vulnerability stems from insufficient validation of untrusted data during the deserialization process, allowing arbitrary code execution on affected systems. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2036 HIGH This Week

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2039
EPSS 1% CVSS 9.8
CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Store missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVE-2026-2038
EPSS 1% CVSS 9.8
CRITICAL Act Now

Auth bypass in GFI Archiver via MArc.Core missing authorization. EPSS 0.59%.

Authentication Bypass Archiver
NVD
CVE-2026-2037
EPSS 1% CVSS 8.8
HIGH This Week

Unsafe deserialization in GFI Archiver's MArc.Core.Remoting service (port 8017) enables authenticated remote attackers to achieve unauthenticated remote code execution with SYSTEM privileges, despite the authentication requirement being bypassable. The vulnerability stems from insufficient validation of untrusted data during the deserialization process, allowing arbitrary code execution on affected systems. No patch is currently available.

RCE Deserialization Archiver
NVD
CVE-2026-2036
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. No patch is currently available.

RCE Deserialization Archiver
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy