discoveredarbitrary folder delete as SYSTEMLPE
CVE-2026-27750
Avira Optimizer TOCTOU folder deletion
Avira Optimizer did not revalidate a user-controlled path between scanning and SYSTEM-level cleanup, enabling a junction swap that deletes Config.msi and leads to SYSTEM privileges. Avira 1.1.109.1990 and below were affected; 1.1.114.3113 contains the fix.