discoveredarbitrary code execution as SYSTEMLPE
CVE-2026-27749
Avira System Speedup insecure deserialization
Avira.SystemSpeedup.RealTimeOptimizer.exe deserialized a user-creatable ProgramData file with BinaryFormatter while running as SYSTEM, allowing local code execution as SYSTEM. Avira 1.1.109.1990 and below were affected; 1.1.114.3113 contains the fix.