Cyber Resilience

CVE-2026-2036

High · RCE

Published: 20 February 2026

Modified: 24 February 2026
KEV Added:
Patch:
CVSS Score v3: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0107 (60.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-2036 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in GFI Archiver. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 39.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-2036 is a deserialization of untrusted data vulnerability in GFI Archiver that permits remote code execution. The flaw resides in the configuration of the MArc.Store.Remoting.exe process and stems from insufficient validation of user-supplied data, allowing an attacker to trigger deserialization that executes arbitrary code. The affected component is MArc.Store within GFI Archiver installations, and successful exploitation grants code execution in the context of the SYSTEM account.

Remote attackers can leverage the issue after bypassing the product's existing authentication controls. With the ability to supply crafted data over the network, an adversary can achieve full control of the affected system without further user interaction. The vulnerability carries a CVSS 3.0 score of 8.8 and is tracked under CWE-502.

The Zero Day Initiative published the issue as advisory ZDI-26-076; it was previously tracked as ZDI-CAN-27936. Exploitation probability as measured by EPSS rose from a baseline of 0.0055 to a peak of 0.0103, indicating that interest in the flaw increased after disclosure.

Vulnerability details

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27936.

CVEs Like This One

CVE-2026-2037 (Same product: GFI Archiver)
CVE-2026-2038 (Same product: GFI Archiver)
CVE-2026-2039 (Same product: GFI Archiver)
CVE-2024-52875 (Same vendor: GFI)
CVE-2025-62368 (Shared CWE-502)
CVE-2025-68903 (Shared CWE-502)
CVE-2024-57764 (Shared CWE-502)
CVE-2025-67911 (Shared CWE-502)
CVE-2025-54014 (Shared CWE-502)
CVE-2025-50460 (Shared CWE-502)

Affected Assets

gfi archiver 15.10

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires validation of user-supplied data before deserialization, blocking the untrusted-data flaw in MArc.Store.Remoting.exe.

Prevent: Enforces access-control decisions so that the documented authentication bypass cannot be used to reach the deserialization path.

Detect: Requires integrity verification of software and data, enabling detection of unauthorized code introduced via malicious deserialization.
