Insecure Deserialization Vulnerability in Avira Internet Security System Speedup
CVE-2026-27749

8.5HIGH

Key Information:

Vendor

Gen Digital Inc.

Status
Avira Internet Security
Vendor
CVE Published:
5 March 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-27749?

Avira Internet Security has a vulnerability in the System Speedup component that allows deserialization of untrusted data. The affected process, Avira.SystemSpeedup.RealTimeOptimizer.exe, runs with SYSTEM privileges and does not validate input or implement safeguards during the deserialization process. An attacker can exploit this by crafting a malicious serialized payload in a file located at C:\ProgramData. Since local users can create or modify this file under default settings, successful exploitation can lead to arbitrary code execution with elevated system permissions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Avira Internet Security Windows 0 <= 1.1.109.1990

Avira Internet Security Windows 1.1.114.3113

References

https://support.avira.com/hc/en-us/articles/360010656158-...
release-notes
https://www.avira.com/en/internet-security
product
https://www.gendigital.com/us/en/contact-us/security-advi...
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Quarkslab
JSON
.