What is the CVSS score of CVE-2026-27750?

CVE-2026-27750 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Internet Security are affected by CVE-2026-27750?

CVE-2026-27750 is a high-severity vulnerability in Internet Security that enables local attackers to delete protected files and escalate privileges to administrative levels.

How to fix or mitigate CVE-2026-27750?

Within 24 hours: Inventory all systems running affected Internet Security versions and assess user access controls; identify high-risk environments with guest or contractor access. Within 7 days: Implement file system monitoring and access controls to restrict deletion of critical system directories; disable unnecessary local user accounts; conduct security awareness training on social engineering. Within 30 days: Evaluate alternative security solutions; establish a vendor communication protocol for patch availability; deploy endpoint detection and response (EDR) tools to monitor for exploitation attempts.

Internet Security CVE-2026-27750

HIGH

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

2026-03-05 disclosure@vulncheck.com

Denial Of Service Privilege Escalation Internet Security

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 15:16 nvd

HIGH 7.8

DescriptionCVE.org

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.

AnalysisAI

Internet Security contains a vulnerability that allows attackers to deletion of protected files or directories and can lead to local privilege escal (CVSS 7.8).

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Local attacker gains low-privileged account access

Delivery

Monitor Avira Optimizer scan phase

Exploit

Replace scanned directory with junction/reparse point

Execution

Privileged SYSTEM process deletes attacker-controlled target

Impact

Unintended system files deleted enabling privilege escalation

Access

Local attacker gains low-privileged account access

Delivery

Monitor Avira Optimizer scan phase

Exploit

Replace scanned directory with junction/reparse point

Execution

Privileged SYSTEM process deletes attacker-controlled target

Impact

Unintended system files deleted enabling privilege escalation

Vulnerability AssessmentAI

Exploitation	Local user account required on Windows system running Avira Internet Security with active Optimizer component. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to deletion of protected files or directories and can lead to local privilege escal.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running affected Internet Security versions and assess user access controls; identify high-risk environments with guest or contractor access. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-27750 vulnerability details – vuln.today

Back

Internet Security CVE-2026-27750

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code