Primary

Context

GFI Archiver Authentication Bypass Vulnerability Allowing Code Execution as SYSTEM

Vulnerability

Patched

An authentication bypass vulnerability has been identified in GFI Archiver. This issue arises from a missing authorization in the MArc.Core.Remoting.exe process, which listens on port 8017. The vulnerability allows remote attackers to bypass authentication and access functionalities without authorization. Exploitation of this vulnerability could be combined with other vulnerabilities to execute code in the context of the SYSTEM user.

Impact

Exploitation of this vulnerability allows for authentication bypass, with potential code execution in the context of the SYSTEM user.

Remediation

Users can upgrade to GFI Archiver version 15.11 to address this vulnerability.

Added: Feb 20, 2026, 11:23 PM

Updated: Feb 20, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

6.4

remediation

7.7

relevance

3.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

6.4

remediation

7.7

relevance

3.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GFI Archiver Authentication Bypass Vulnerability Allowing Code Execution as SYSTEM

Vulnerability

Impact

Remediation

Affected Products

GFI Archiver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating