PT-2026-7948 · Gfi · Gfi Archiver

Published: 2026-02-12 · Updated: 2026-02-24 · CVE-2026-2037

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GFI Archiver (affected versions not specified)

Description

A flaw exists in GFI Archiver related to the deserialization of untrusted data within the MArc.Core component. This allows remote attackers to potentially execute arbitrary code on affected systems. Authentication is required for exploitation, but the existing authentication mechanism can be bypassed. The issue resides in the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017, due to insufficient validation of user-supplied data. Successful exploitation could allow an attacker to execute code with SYSTEM privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2026-2037
ZDI-26-074

Affected Products

Gfi Archiver