{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:22:36.746","vulnerabilities":[{"cve":{"id":"CVE-2026-27749","sourceIdentifier":"security@nortonlifelock.com","published":"2026-03-05T15:16:11.963","lastModified":"2026-04-01T15:22:35.920","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM."},{"lang":"es","value":"Avira Internet Security contiene una vulnerabilidad de deserialización de datos no confiables en el componente System Speedup. El proceso Avira.SystemSpeedup.RealTimeOptimizer.exe, que se ejecuta con privilegios del SISTEMA, deserializa datos de un archivo ubicado en C:\\\\ProgramData utilizando .NET BinaryFormatter sin implementar validaciones de entrada ni medidas de seguridad para la deserialización. Dado que el archivo puede ser creado o modificado por un usuario local en las configuraciones predeterminadas, un atacante puede proporcionar una carga útil serializada diseñada que sea deserializada por el proceso con privilegios, lo que da lugar a la ejecución de código arbitrario como SYSTEM."}],"metrics":{"cvssMetricV31":[{"source":"security@nortonlifelock.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@nortonlifelock.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*","versionEndExcluding":"1.1.114.3113","matchCriteriaId":"DFB6EFB7-8777-4A9B-9A00-2FBEE12A7090"}]}]}],"references":[{"url":"https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions","source":"security@nortonlifelock.com","tags":["Release Notes"]},{"url":"https://www.avira.com/en/internet-security","source":"security@nortonlifelock.com","tags":["Product"]},{"url":"https://www.gendigital.com/us/en/contact-us/security-advisories/","source":"security@nortonlifelock.com"}]}}]}