Description
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
Published: 2026-03-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution as SYSTEM
Action: Immediate Patch
AI Analysis

Impact

Avira Internet Security’s System Speedup component deserializes data from a file in the ProgramData directory using .NET’s BinaryFormatter without prior validation or safeguards. The deserialization logic runs with SYSTEM privileges in the Avira.SystemSpeedup.RealTimeOptimizer.exe process, allowing a crafted payload to execute arbitrary code at the highest privilege level. The flaw is classified as insecure deserialization (CWE‑502).

Affected Systems

Any Windows system that has Avira Internet Security installed and retains the System Speedup component before the patched version 1.1.114.3113. The vulnerability arises from the default configuration that permits local users to create or modify the target file in the ProgramData folder.

Risk and Exploitability

The flaw carries a CVSS score of 7.8, indicating high severity, yet the EPSS score is below 1 %, suggesting that exploitation is currently unlikely. The vulnerability is not listed in CISA’s KEV catalog. Attackers must be able to write to the designated file, implying a local user or local privilege escalation context. If this condition is satisfied, a crafted serialized payload could trigger the SYSTEM‑privileged process to execute arbitrary code. The specific payload details are not provided in the CVE description, so the exact exploitation method is inferred from the insecure deserialization weakness.

Generated by OpenCVE AI on April 16, 2026 at 04:45 UTC.

Remediation

Vendor Solution

Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.

OpenCVE Recommended Actions

  • Apply an update for Avira Internet Security to version 1.1.114.3113 or later, using the built‑in updater or a fresh installation. This patch removes the insecure deserialization code from the System Speedup component.
  • If an update cannot be deployed immediately, restrict write access to the C:\ProgramData\Avira Internet Security directory for non‑administrator users, effectively preventing the creation or modification of the file that triggers deserialization. Disable or uninstall the System Speedup feature if possible to eliminate the vulnerable process.
  • Maintain strict monitoring for unexpected or malformed files in the ProgramData directory and enforce thorough input validation when interacting with serialized data, in line with best practices for protecting against CWE‑502 vulnerabilities.

Generated by OpenCVE AI on April 16, 2026 at 04:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Fri, 13 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Avira internet Security
CPEs cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*
Vendors & Products Avira internet Security

Fri, 06 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Gen Digital
Gen Digital avira Internet Security
Vendors & Products Gen Digital
Gen Digital avira Internet Security

Fri, 06 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Avira
Avira avira Internet Security Suite
CPEs cpe:2.3:a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:*
Vendors & Products Avira
Avira avira Internet Security Suite

Thu, 05 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 05 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
Title Avira Internet Security System Speedup Insecure Deserialization
Weaknesses CWE-502
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Avira Avira Internet Security Suite Internet Security
Gen Digital Avira Internet Security
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-01T14:38:16.632Z

Reserved: 2026-02-23T21:38:48.842Z

Link: CVE-2026-27749

cve-icon Vulnrichment

Updated: 2026-03-06T18:17:12.528Z

cve-icon NVD

Status : Modified

Published: 2026-03-05T15:16:11.963

Modified: 2026-04-01T15:22:35.920

Link: CVE-2026-27749

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T04:45:16Z

Weaknesses