CVE-2026-27748

Name of the Vulnerable Software and Affected Versions Avira Internet Security (affected versions not specified)

Description An improper link resolution issue exists in the Software Updater component of Avira Internet Security. The Software Updater, running with SYSTEM privileges, deletes a file located at C:ProgramData without verifying if the path is a symbolic link or reparse point. A local attacker can create a malicious link to redirect the deletion to an arbitrary file, potentially leading to the deletion of attacker-selected files with SYSTEM privileges. This could result in local privilege escalation, denial of service, or compromise of system integrity, depending on the targeted file and operating system setup.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.