CVE-2026-27750

Published: Mar 5, 2026

Modified: Apr 1, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.

Vendor	Product	Versions
Gen Digital Inc.	Avira Internet Security	affected `0 - <= 1.1.109.1990` unaffected `1.1.114.3113`

Weaknesses (CWE)

CWE-367

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions

release-notes

https://www.avira.com/en/internet-security

product

https://www.gendigital.com/us/en/contact-us/security-advisories/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-27750

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References