CRITICAL🇵🇱 Wersja polska

CVE-2026-2038

CVSS 9.8v3.1pub. 2026-02-20upd. 2026-02-24

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.

🤖 AI Analysis
How it works

The flaw lies in the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. This process does not require authorization before exposing its functionality, meaning any remote user can access it without authentication. The lack of access control (CWE-862) enables an attacker to chain this vulnerability with other flaws to escalate privileges to SYSTEM level.

Impact

An attacker can bypass authentication mechanisms and — by chaining this vulnerability with other flaws — execute arbitrary code in the SYSTEM account context, gaining full control over the compromised system.

Mitigation & patch

Apply patches available from the vendor according to the references provided. As a temporary security measure, it is recommended to restrict network access to port 8017 (e.g., using a firewall) exclusively to trusted hosts.

Who is affected

GFI Archiver — versions indicated in vendor references (the vulnerability affects installations with the MArc.Core.Remoting.exe process running and listening on port 8017)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gfi Archiver

    APP
    Gfi
    15.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-2039CRITICAL9.8PL ✓ten sam produkt

GFI Archiver: Pominięcie autoryzacji w MArc.Store umożliwia RCE jako SYSTEM

CVE-2024-11948CRITICAL9.8PL ✓ten sam produkt

GFI Archiver – RCE przez podatną wersję Telerik Web UI

CVE-2021-29281CRITICAL9.8ten sam produkt

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation o...

CVE-2026-2037HIGH8.8ten sam produkt

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili...

CVE-2026-2036HIGH8.8ten sam produkt

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabil...