{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T02:28:23.985","vulnerabilities":[{"cve":{"id":"CVE-2026-27748","sourceIdentifier":"security@nortonlifelock.com","published":"2026-03-05T15:16:11.747","lastModified":"2026-04-01T15:22:35.473","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\\\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration."},{"lang":"es","value":"Avira Internet Security contiene una vulnerabilidad de resolución de enlaces incorrecta en el componente Software Updater. Durante el proceso de actualización, un servicio privilegiado ejecutándose como SYSTEM elimina un archivo bajo C:\\\\ProgramData sin validar si la ruta se resuelve a través de un enlace simbólico o un punto de reanálisis. Un atacante local puede crear un enlace malicioso para redirigir la operación de eliminación a un archivo arbitrario, resultando en la eliminación de archivos elegidos por el atacante con privilegios de SYSTEM. Esto puede llevar a una escalada de privilegios local, denegación de servicio o compromiso de la integridad del sistema dependiendo del archivo objetivo y la configuración del sistema operativo."}],"metrics":{"cvssMetricV31":[{"source":"security@nortonlifelock.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@nortonlifelock.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avira:internet_security:*:*:*:*:*:windows:*:*","versionEndExcluding":"1.1.114.3113","matchCriteriaId":"DFB6EFB7-8777-4A9B-9A00-2FBEE12A7090"}]}]}],"references":[{"url":"https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions","source":"security@nortonlifelock.com","tags":["Release Notes"]},{"url":"https://www.avira.com/en/internet-security","source":"security@nortonlifelock.com","tags":["Product"]},{"url":"https://www.gendigital.com/us/en/contact-us/security-advisories/","source":"security@nortonlifelock.com"}]}}]}