GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute arbitrary code on affected systems. Although the vulnerability technically requires authentication, attackers can bypass the authentication mechanism, making the vulnerability exploitable without valid credentials. Organizations using GFI Archiver should prioritize patching this vulnerability immediately and review access logs for any suspicious activity, as the authentication bypass significantly increases the attack surface.