Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:L because the tar must reach the scanner's filesystem; UI:R because a file must be received; PR:N because the scanner parses it automatically; C/I/A:H from code execution in the privileged engine.
Primary rating from Vendor (GEN).
CVSS Vector (Vendor: GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.
Analysis (AI)
Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Target endpoint must be running an Avira Antivirus engine build earlier than 8.3.27.12 with archive scanning enabled (the default) on Windows, macOS, or Linux. … |
| Risk Assessment | CVSS 7.8 with AV:L/AC:L/PR:N/UI:R reflects local attack vector with required user interaction, but in AV scanners 'user interaction' is unusually cheap - the user merely has to receive a file (email attachment, download, USB) which the on-access scanner then opens automatically, effectively converting UI:R into passive triggering. … |
| Exploit Scenario | An attacker emails a malformed POSIX tar archive to a target, or hosts it on a watering-hole site; when the file lands on disk, Avira's on-access scanner automatically parses it and triggers the heap out-of-bounds write inside the privileged engine process. Successful exploitation yields code execution as SYSTEM (Windows) or root (macOS/Linux), and at minimum an unsuccessful corruption crashes the engine, leaving the endpoint unprotected. … |
| Remediation | Upgrade the Avira Antivirus scan engine to build 8.3.27.12 or later on all Windows, macOS, and Linux endpoints; in most Avira deployments the engine updates automatically with definition updates, so verify that engine auto-update is enabled and confirm the installed engine version post-update via the product UI or management console. … |
Recommended Action (AI)
24 hours: Identify all systems running Avira Antivirus engine and their version numbers; document build versions against the vulnerable range (below 8.3.27.12) and create an exposure list. …
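One way to build that exposure list from an exported inventory, as an added example that is not part of the original page or any Avira tooling. It assumes a CSV with hypothetical columns `host`, `os` and `engine_version`, and that engine builds are four dotted numeric fields as in 8.3.27.12; the sample rows are constructed.

```python
import csv
import io

FIXED_BUILD = (8, 3, 27, 12)  # first fixed engine build, per the advisory text

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """host,os,engine_version
ws-001,Windows,8.3.27.9
ws-002,Windows,8.3.27.12
mac-014,macOS,8.3.70.68
srv-lnx-3,Linux,8.3.9.100
ws-077,Windows,unknown
ws-090,Windows,8.3.27
"""

def parse_build(text):
    """Return the build as a 4-tuple of ints, or None if it is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'vulnerable', 'fixed', or 'review' (missing or unparseable)."""
    build = parse_build(version_text)
    if build is None:
        return "review"  # never assume an unknown build is patched
    # Tuple comparison is numeric per field: (8, 3, 27, 9) < (8, 3, 27, 12),
    # whereas the string "8.3.27.9" sorts after "8.3.27.12".
    return "vulnerable" if build < FIXED_BUILD else "fixed"

def exposure_list(inventory_csv):
    """Group hostnames by status, preserving inventory order."""
    result = {"vulnerable": [], "fixed": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["engine_version"])].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in exposure_list(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket need their engine build confirmed by hand before they are counted as patched.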
EUVD-2026-36631
GHSA-c89p-wq36-89h3