High severity7.8NVD Advisory· Published Mar 5, 2026· Updated Apr 1, 2026

CVE-2026-27750

Description

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.

Affected products

Avira/Internet Security
cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*
Range: <1.1.114.3113

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versionsnvdRelease Notes
www.avira.com/en/internet-securitynvdProduct
www.gendigital.com/us/en/contact-us/security-advisories/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000