VYPR
High severity7.8NVD Advisory· Published Mar 5, 2026· Updated Apr 1, 2026

CVE-2026-27749

CVE-2026-27749

Description

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*+ 1 more
    • cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*range: <1.1.114.3113
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2026-27749 · High · VYPR