Description
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration.
Published: 2026-03-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation and File Deletion
Action: Patch Immediately
AI Analysis

Impact

Avira Internet Security contains an improper link resolution flaw in its Software Updater component. During an update, a privileged service running as SYSTEM deletes files under C:\ProgramData without verifying whether the target path is a symbolic link or reparse point. If a local attacker creates a malicious link, the service can delete any file the link points to, effectively allowing the attacker to cause arbitrary file deletion with SYSTEM privileges. This vulnerability can lead to local privilege escalation, denial of service, or compromise of system integrity depending on the file targeted and the system configuration. The weakness is described by CWE-59.

Affected Systems

All releases of Gen Digital Inc.’s Avira Internet Security Suite and Avira Internet Security for Windows before version 1.1.114.3113 are affected. The issue resides in the updater component of these products. Updating to Avira Internet Security for Windows 1.1.114.3113 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.8 classifies the flaw as high severity. The EPSS score of less than 1% indicates a low probability of exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires local access: the attacker creates a malicious link and triggers the Software Updater to run. Because the delete operation is performed by a service running as SYSTEM, a successful attack lets the attacker delete any file with SYSTEM privileges, potentially escalating privileges further or corrupting critical system files.

Generated by OpenCVE AI on April 15, 2026 at 22:43 UTC.

Remediation

Vendor Solution

Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.


OpenCVE Recommended Actions

  • Update Avira Internet Security for Windows to version 1.1.114.3113 or later using the built‑in updater or by reinstalling the product.
  • Disable or stop the Software Updater service until the patch is applied to prevent the delete operation from occurring.
  • Audit C:\ProgramData for suspicious symbolic links or reparse points and remove any that are not necessary for legitimate application operation.
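
The audit in the last recommended action can be scripted. The following read-only PowerShell sketch is an added example, not part of the CVE record or vendor guidance; it lists reparse points under C:\ProgramData without traversing them and marks those whose target lies outside that tree. The function name `Get-ReparsePoint` and the `OutsideRoot` column are assumptions of this example.

```powershell
# Added example: read-only inventory of reparse points under C:\ProgramData.
# It reports links; it does not delete or modify anything.
$Root = 'C:\ProgramData'

function Get-ReparsePoint {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            # Report the link itself and never descend through it, so the
            # audit cannot be steered outside the tree by the links it finds.
            $item
        }
        elseif ($item.PSIsContainer) {
            Get-ReparsePoint -Path $item.FullName
        }
    }
}

$findings = foreach ($link in Get-ReparsePoint -Path $Root) {
    # Target is a collection in Windows PowerShell 5.1 and a string in 7.x.
    $target = @($link.Target) -join '; '

    # Relative or multi-valued targets do not start with $Root and are
    # therefore marked for manual review as well.
    $outside = [bool]($target -and
        -not $target.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase))

    [pscustomobject]@{
        Path        = $link.FullName
        LinkType    = $link.LinkType        # empty for non-link reparse tags
        Target      = $target
        CreatedUtc  = $link.CreationTimeUtc
        OutsideRoot = $outside
    }
}

# Links pointing outside C:\ProgramData first, newest first within each group.
$findings |
    Sort-Object @{ Expression = 'OutsideRoot'; Descending = $true },
                @{ Expression = 'CreatedUtc';  Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that directories restricted to administrators are included; Windows ships several legacy junctions in this tree, so compare the output against a known-good host before removing anything.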


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000


Fri, 13 Mar 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Avira internet Security |
| CPEs | | cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:* |
| Vendors & Products | | Avira internet Security |

Fri, 06 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 06 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Gen Digital; Gen Digital avira Internet Security |
| Vendors & Products | | Gen Digital; Gen Digital avira Internet Security |

Fri, 06 Mar 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Avira; Avira avira Internet Security Suite |
| CPEs | | cpe:2.3:a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:* |
| Vendors & Products | | Avira; Avira avira Internet Security Suite |

Thu, 05 Mar 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


Thu, 05 Mar 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration. |
| Title | | Avira Internet Security Arbitrary File Deletion via Improper Link Resolution |
| Weaknesses | | CWE-59 |
| References | | |
| Metrics | | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-01T14:37:46.139Z

Reserved: 2026-02-23T21:38:48.842Z

Link: CVE-2026-27748

Vulnrichment

Updated: 2026-03-06T18:16:43.443Z

NVD

Status: Modified

Published: 2026-03-05T15:16:11.747

Modified: 2026-04-01T15:22:35.473

Link: CVE-2026-27748

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T22:45:16Z

Weaknesses