Strix
26.1K

CVE-2026-27750

HIGHCVSS 7/10EPSS 0.10%

Last modified

CVE-2026-27750 is a high-severity vulnerability rated 7/10 on the CVSS scale. Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. EPSS estimates a 0.10% chance of exploitation in the next 30 days.

Description

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.

Metrics

CVSS 3.1
7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.10%

1.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AviraInternet Security< 1.1.114.3113

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2026-27750?
Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.
How severe is CVE-2026-27750?
CVE-2026-27750 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.10% probability of exploitation in the next 30 days.
How do I fix CVE-2026-27750?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-27750?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST