ZDI-26-074 HIGH 8.8 Published Feb 12, 2026

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI

GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2037, CVSS 8.8) caused by deserialization of untrusted data in MArc.Core. Authentication is required to exploit the flaw, but the authentication mechanism itself can be bypassed, so an attacker can execute arbitrary code on affected systems with minimal barriers to entry. Security teams should immediately apply available patches from GFI, restrict network access to Archiver instances, and monitor systems for signs of exploitation until updates can be deployed.
