CVE-2026-27749

Name of the Vulnerable Software and Affected Versions Avira Internet Security (affected versions not specified)

Description The software contains a flaw involving the deserialization of untrusted data within the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, operating with SYSTEM privileges, deserializes data from a file located at C:ProgramData using .NET BinaryFormatter. This process lacks input validation or deserialization safeguards. An attacker can create or modify this file with a crafted serialized payload, leading to arbitrary code execution with SYSTEM privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.