CVE-2026-27749 - Vulnerability Details

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html
https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions
https://www.avira.com/en/internet-security
https://www.vulncheck.com/advisories/avira-internet-security-system-speedup-insecure-deserialization

History

Thu, 05 Mar 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description		Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
Title		Avira Internet Security System Speedup Insecure Deserialization
Weaknesses		CWE-502
References		https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions https://www.avira.com/en/internet-security https://www.vulncheck.com/advisories/avira-internet-security-system-speedup-insecure-deserialization
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-05T14:15:35.580Z

Updated: 2026-03-05T14:15:35.580Z

Reserved: 2026-02-23T21:38:48.842Z

Link: CVE-2026-27749

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-05T15:16:11.963

Modified: 2026-03-05T19:38:33.877

Link: CVE-2026-27749

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-502

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object