GFI Security Vulnerabilities (CVEs)

Track 19 security vulnerabilities affecting GFI products and software.

5 Critical
5 High
9 Medium
CVE-2026-2036 8.8

This vulnerability allows remote authenticated attackers to bypass authentication and execute arbitrary code with SYSTEM privileges on GFI Archiver in...

Feb 20, 2026
CVE-2026-2038 9.8

This vulnerability allows remote attackers to bypass authentication on GFI Archiver installations without requiring credentials. The flaw exists in th...

Feb 20, 2026
CVE-2026-23616 5.4

This stored XSS vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the Anti-Spoofing configuration pag...

Feb 19, 2026
CVE-2026-23618 5.4

This stored XSS vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the spam keyword checking interface...

Feb 19, 2026
CVE-2026-23620 4.3

GFI MailEssentials AI versions before 22.4 contain an authenticated file enumeration vulnerability. An authenticated attacker can check whether arbitr...

Feb 19, 2026
CVE-2026-23614 5.4

This stored cross-site scripting vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the Sender Policy ...

Feb 19, 2026
CVE-2026-23608 5.4

GFI MailEssentials AI versions before 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authe...

Feb 19, 2026
CVE-2026-23610 5.4

GFI MailEssentials AI versions before 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenti...

Feb 19, 2026
CVE-2026-23612 5.4

This stored cross-site scripting vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the IP DNS Blockli...

Feb 19, 2026
CVE-2026-23604 5.4

This stored XSS vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the keyword filtering rule creation...

Feb 19, 2026
CVE-2026-23606 5.4

This stored cross-site scripting vulnerability in GFI MailEssentials AI allows authenticated users to inject malicious scripts into the Advanced Conte...

Feb 19, 2026
CVE-2025-34069 9.8

This authentication bypass vulnerability in GFI Kerio Control allows unauthenticated attackers to gain full administrative access to the firewall appl...

Jul 2, 2025
CVE-2025-34071 9.8

This critical vulnerability in GFI Kerio Control allows attackers with administrative access to upload malicious firmware images and execute arbitrary...

Jul 2, 2025
CVE-2025-34489 7.8

GFI MailEssentials versions before 21.8 contain a local privilege escalation vulnerability where an attacker with local access can send a crafted seri...

Apr 28, 2025
CVE-2024-52875 8.8

This vulnerability in GFI Kerio Control allows attackers to perform open redirect, HTTP response splitting, and reflected cross-site scripting (XSS) a...

Jan 31, 2025
CVE-2024-11947 8.8

This vulnerability allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges on GFI Archiver installations. The flaw exis...

Dec 12, 2024
CVE-2024-11948 9.8

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on GFI Archiver installations. The flaw exists in the pr...

Dec 12, 2024
CVE-2023-25267 8.8

This vulnerability allows authenticated attackers to trigger a stack-based buffer overflow in GFI Kerio Connect's webmail component by sending special...

Mar 15, 2023
CVE-2021-29281 9.8

This vulnerability allows unauthenticated attackers to upload arbitrary files to GFI Mail Archiver servers via insecure Telerik Web UI components. It ...

Jul 7, 2022

Why Monitor GFI Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 19+ known vulnerabilities affecting GFI products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable GFI packages in under 60 seconds. No agents are required: scanning is completely agentless and works across GFI deployments.

Free vulnerability database: Access detailed information about every GFI CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
