CRITICAL🇵🇱 Wersja polska

CVE-2026-2039

CVSS 9.8v3.1pub. 2026-02-20upd. 2026-02-24

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.

🤖 AI Analysis
How it works

The MArc.Store.Remoting.exe process listens on port 8018 and exposes functionality without verifying the identity or permissions of the caller (CWE-862 — missing required authorization). An attacker can remotely communicate with this process without any authentication and gain access to its functions. Exploiting this vulnerability in combination with other vulnerabilities enables escalation to code execution in the context of the SYSTEM account.

Impact

An attacker can bypass authentication and gain unauthorized access to service functions, and subsequently — through an exploit chain — execute arbitrary code with SYSTEM privileges on the vulnerable server.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Additionally, it is recommended to restrict network access to port 8018 (e.g., using a firewall or ACL rules) exclusively to authorized hosts until the patch is deployed.

Who is affected

GFI Archiver — versions indicated in the manufacturer's references and in the Zero Day Initiative advisory (ZDI-26-077)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gfi Archiver

    APP
    Gfi
    15.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-2038CRITICAL9.8PL ✓ten sam produkt

GFI Archiver MArc.Core — pominięcie autoryzacji (Authentication Bypass)

CVE-2024-11948CRITICAL9.8PL ✓ten sam produkt

GFI Archiver – RCE przez podatną wersję Telerik Web UI

CVE-2021-29281CRITICAL9.8ten sam produkt

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation o...

CVE-2026-2037HIGH8.8ten sam produkt

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili...

CVE-2026-2036HIGH8.8ten sam produkt

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabil...