discoveredarbitrary file delete as SYSTEMLPE before Windows 24H2system integrity compromise
CVE-2026-27748
Avira Software Updater arbitrary file deletion
Avira Software Updater followed an attacker-controlled symbolic link while deleting an OPSWAT component as SYSTEM, yielding arbitrary file deletion and, before Windows 24H2, a Config.msi LPE path. Avira 1.1.109.1990 and below were affected; 1.1.114.3113 contains the fix.