Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
"}],"value":"Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM."}],"impacts":[{"descriptions":[{"lang":"en","value":"A local user can influence a privileged System Speedup process to deserialize untrusted data, potentially achieving privilege escalation to SYSTEM."}]},{"descriptions":[{"lang":"en","value":"Untrusted serialized input may lead to execution of arbitrary code in the security context of the privileged optimizer component."}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T14:38:16.632Z","orgId":"dbd8429d-f261-4b1e-94cc-ae3132817e2e","shortName":"GEN"},"references":[{"tags":["release-notes"],"url":"https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions"},{"tags":["product"],"url":"https://www.avira.com/en/internet-security"},{"tags":["vendor-advisory"],"url":"https://www.gendigital.com/us/en/contact-us/security-advisories/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.
"}],"value":"Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions."}],"title":"Avira Internet Security System Speedup Insecure Deserialization"}},"cveMetadata":{"assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","assignerShortName":"VulnCheck","cveId":"CVE-2026-27749","datePublished":"2026-03-05T14:15:35.580Z","dateReserved":"2026-02-23T21:38:48.842Z","dateUpdated":"2026-04-01T14:38:16.632Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-05 15:16:11","lastModifiedDate":"2026-04-01 15:22:35","problem_types":["CWE-502","CWE-502 CWE-502 Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"security@nortonlifelock.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*","versionEndExcluding":"1.1.114.3113","matchCriteriaId":"DFB6EFB7-8777-4A9B-9A00-2FBEE12A7090"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"27749","Ordinal":"1","Title":"Avira Internet Security System Speedup Insecure Deserialization","CVE":"CVE-2026-27749","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"27749","Ordinal":"1","NoteData":"Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.","Type":"Description","Title":"Avira Internet Security System Speedup Insecure Deserialization"}]}}}