Description
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.
Published: 2026-02-20
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Apply Patch
AI Analysis

Impact

The flaw in the MArc.Core.Remoting.exe process allows a remote attacker to access functions without first providing authentication credentials. Because the process listens on port 8017, an unauthenticated connection can be established from outside the local network. The vulnerability itself enables an attacker to bypass authentication; if combined with other weaknesses, the attacker may achieve SYSTEM‑level code execution. The primary impact therefore is the loss of authentication safeguards and the potential for complete compromise of the host running GFI Archiver.

Affected Systems

The affected product is GFI Archiver version 15.10, specifically the MArc.Core.Remoting.exe component that listens on TCP port 8017.

Risk and Exploitability

The CVSS score of 9.8 classifies this as a critical flaw, and although the EPSS score is less than 1 %, it indicates a non‑zero but low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote over the open port; based on the description, local exploitation is not explicitly documented but could be inferred if the service binds to localhost, and the bypass may be combined with other weaknesses to achieve SYSTEM‑level code execution.

Generated by OpenCVE AI on April 18, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade GFI Archiver to the latest supported version to fix the MArc.Core.Remoting.exe authorization flaw.
  • Block external access to TCP port 8017 by configuring firewalls or network segmentation so only trusted internal systems can reach the service.
  • If the MArc.Core.Remoting.exe service is not required, disable or remove it or restrict its functionality as recommended by the vendor advisory, ensuring that authentication is enforced before any operation.

Generated by OpenCVE AI on April 18, 2026 at 17:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gfi:archiver:15.10:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 24 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Gfi
Gfi archiver
Vendors & Products Gfi
Gfi archiver

Fri, 20 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Description GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.
Title GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Gfi Archiver
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-24T15:02:32.825Z

Reserved: 2026-02-06T01:12:35.967Z

Link: CVE-2026-2038

cve-icon Vulnrichment

Updated: 2026-02-24T15:02:27.356Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-20T23:16:03.777

Modified: 2026-02-24T21:43:04.817

Link: CVE-2026-2038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses