Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Advisories

Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

severity: high
date: 3/5/2026
Affecting: Avira Internet Security <= 1.1.109.1990, confirmed to be fixed in 1.1.114.3113
CVE: CVE-2026-27748
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Quarkslab Blog
Avira Release Notes
Avira Product Page
Credit: Quarkslab
Description: Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\\\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo