High severity7.8NVD Advisory· Published Mar 5, 2026· Updated Apr 1, 2026
CVE-2026-27749
CVE-2026-27749
Description
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*+ 1 more
- cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*range: <1.1.114.3113
- (no CPE)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.