CVE-2026-27749 HIGH

CVE-2026-27749: Avira Internet Security System Speedup Insecure Deserialization

Vendor: Gen Digital Inc.
Product: Avira Internet Security
Weakness: CWE-502 · Unsafe deserialization
Published: March 5, 2026
Last update: April 1, 2026

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.

Key dates

02 Disclosure timeline

March 5, 2026: CVE published
April 1, 2026: Record updated

Related vulnerabilities

04 Related CVE