{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-27749", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T21:38:48.842Z", "datePublished": "2026-03-05T14:15:35.580Z", "dateUpdated": "2026-04-01T14:38:16.632Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "GEN", "dateUpdated": "2026-04-01T14:38:16.632Z"}, "title": "Avira Internet Security System Speedup Insecure Deserialization", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "A local user can influence a privileged System Speedup process to deserialize untrusted data, potentially achieving privilege escalation to SYSTEM."}]}, {"descriptions": [{"lang": "en", "value": "Untrusted serialized input may lead to execution of arbitrary code in the security context of the privileged optimizer component."}]}], "affected": [{"vendor": "Gen Digital Inc.", "product": "Avira Internet Security", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.1.109.1990", "versionType": "semver"}, {"status": "unaffected", "version": "1.1.114.3113", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:*", "versionEndIncluding": "1.1.109.1990", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.</p>"}]}], "references": [{"url": "https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions", "tags": ["release-notes"]}, {"url": "https://www.avira.com/en/internet-security", "tags": ["product"]}, {"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.</p>"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T18:17:05.292085Z", "id": "CVE-2026-27749", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T18:17:15.860Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27749", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T18:17:05.292085Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T18:17:12.528Z"}}], "cna": {"title": "Avira Internet Security System Speedup Insecure Deserialization", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Quarkslab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gen Digital Inc.", "product": "Avira Internet Security", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.109.1990"}, {"status": "unaffected", "version": "1.1.114.3113"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html", "tags": ["technical-description", "exploit"]}, {"url": "https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions", "tags": ["release-notes"]}, {"url": "https://www.avira.com/en/internet-security", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/avira-internet-security-system-speedup-insecure-deserialization", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.", "supportingMedia": [{"type": "text/html", "value": "Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:*", "vulnerable": true, "versionEndIncluding": "1.1.109.1990"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T20:07:56.492Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27749", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:07:56.492Z", "dateReserved": "2026-02-23T21:38:48.842Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-05T14:15:35.580Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DFB6EFB7-8777-4A9B-9A00-2FBEE12A7090", "versionEndExcluding": "1.1.114.3113", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM."}, {"lang": "es", "value": "Avira Internet Security contiene una vulnerabilidad de deserializaci\u00f3n de datos no confiables en el componente System Speedup. El proceso Avira.SystemSpeedup.RealTimeOptimizer.exe, que se ejecuta con privilegios del SISTEMA, deserializa datos de un archivo ubicado en C:\\\\ProgramData utilizando .NET BinaryFormatter sin implementar validaciones de entrada ni medidas de seguridad para la deserializaci\u00f3n. Dado que el archivo puede ser creado o modificado por un usuario local en las configuraciones predeterminadas, un atacante puede proporcionar una carga \u00fatil serializada dise\u00f1ada que sea deserializada por el proceso con privilegios, lo que da lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM."}], "id": "CVE-2026-27749", "lastModified": "2026-04-01T15:22:35.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@nortonlifelock.com", "type": "Secondary"}]}, "published": "2026-03-05T15:16:11.963", "references": [{"source": "security@nortonlifelock.com", "tags": ["Release Notes"], "url": "https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions"}, {"source": "security@nortonlifelock.com", "tags": ["Product"], "url": "https://www.avira.com/en/internet-security"}, {"source": "security@nortonlifelock.com", "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@nortonlifelock.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.1.109.1990]"}}, {"platform": ["windows"], "status": "unaffected", "versions": {"scheme": "generic", "value": "1.1.114.3113"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Avira Internet Security", "source": "cna", "vendor": "Gen Digital Inc."}, "product": "avira_internet_security", "vendor": "gen_digital"}], "created": "2026-03-06T15:07:38.117008+00:00", "updated": "2026-03-06T15:07:38.117113+00:00", "vendors": ["gen_digital", "gen_digital$PRODUCT$avira_internet_security"]}