GFI Archiver vulnerabilities
9 known vulnerabilities affecting gfi/archiver.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 5
Vulnerabilities
CVE-2026-2039 | P2 | CRITICAL | CVSS 9.8 | CWE-862 | v15.10 | 2026-02-20
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, whic
nvd
CVE-2026-2038 | P2 | CRITICAL | CVSS 9.8 | CWE-862 | v15.10 | 2026-02-20
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which
nvd
CVE-2024-11948 | P2 | CRITICAL | CVSS 9.8 | CWE-1395 | fixed in 15.7 | v15.6 | 2024-12-12
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of a vulnerable versio
nvd
CVE-2026-2036 | P2 | HIGH | CVSS 8.8 | CWE-502 | v15.10 | 2026-02-20
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists w
nvd
CVE-2026-2037 | P2 | HIGH | CVSS 8.8 | CWE-502 | v15.10 | 2026-02-20
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists w
nvd
CVE-2024-11947 | P2 | HIGH | CVSS 8.8 | CWE-502 | fixed in 15.7 | v15.6 | 2024-12-12
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Core Service, which listens on TCP port 8017 by d
nvd
CVE-2024-11949 | P2 | HIGH | CVSS 8.8 | CWE-502 | fixed in 15.7 | v15.6 | 2024-12-12
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Store Service, which listens on TCP port 8018 by
nvd
CVE-2021-29281 | P3 | CRITICAL | CVSS 9.8 | fixed in 15.2 | 2022-07-07
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via an insecure implementation of the Telerik Web UI plugin, which is affected by CVE-2014-2217 and CVE-2017-11317.
nvd
CVE-2025-35940 | P3 | HIGH | CVSS 8.1 | CWE-798 | ≥ 15.7, ≤ 15.8 | 2025-06-10
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
nvd