Description
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.
Published: 2026-02-20
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Access Leading to Potential Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

This vulnerability represents an authentication bypass that allows remote attackers to gain access to the MArc.Store.Remoting.exe process without any credentials. The flaw is rooted in missing authorization checks (CWE‑862) and can be used together with other weaknesses to execute code with SYSTEM privileges. The result is complete loss of confidentiality, integrity, and availability for the affected system.

Affected Systems

The affected software is GFI Archiver, with the vulnerability arising in the MArc.Store.Remoting.exe component that listens on port 8018. No specific product version is listed, so all installations of GFI Archiver with this component are potential targets.

Risk and Exploitability

The CVSS score of 9.8 classifies this as a critical vulnerability, while the EPSS score of less than 1% indicates a currently low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit it remotely over the network by contacting the unprotected port 8018, without needing any prior authentication. Because the flaw permits unrestricted access to privileged functionality, the risk to any system exposing this port is substantial.

Generated by OpenCVE AI on April 17, 2026 at 17:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or update to a version that includes fixes for the authentication bypass in MArc.Store.Remoting.exe.
  • Block or restrict inbound traffic to port 8018 using firewall or network segmentation to prevent unauthorized remote access.
  • Implement comprehensive logging and monitoring for any attempts to connect to the MArc.Store.Remoting.exe process and alert on suspicious activity.

Generated by OpenCVE AI on April 17, 2026 at 17:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gfi:archiver:15.10:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 24 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Gfi
Gfi archiver
Vendors & Products Gfi
Gfi archiver

Fri, 20 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Description GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.
Title GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Gfi Archiver
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-24T15:05:56.011Z

Reserved: 2026-02-06T01:12:40.764Z

Link: CVE-2026-2039

cve-icon Vulnrichment

Updated: 2026-02-24T15:05:49.416Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-20T23:16:03.913

Modified: 2026-02-24T21:42:14.183

Link: CVE-2026-2039

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T17:15:23Z

Weaknesses