What is CVE-2026-2038?

CVE-2026-2038 is a high-severity vulnerability in Gfi Archiver, classified under Missing Authorization. CVSS score: 7.3/10. Published 2026-02-20.

How severe is CVE-2026-2038?

High severity. CVSS v3 base score is 7.3 out of 10.

Auth bypass in Gfi Archiver

CVE-2026-2038

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this…

Vulnerability class: Broken Access Control

EPSS: 0.004 (57.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Gfi Archiver — versions 15.10

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

ZDI-26-075 (x_research-advisory)

Frequently asked questions

What is CVE-2026-2038?: CVE-2026-2038 is a high-severity vulnerability in Gfi Archiver, classified under Missing Authorization. CVSS score: 7.3/10. Published 2026-02-20.
How severe is CVE-2026-2038?: High severity. CVSS v3 base score is 7.3 out of 10.