Avira

Products by Avira Sorted by Most Security Vulnerabilities since 2018

Avira Antivirus: 3 vulnerabilities

Avira Security: 3 vulnerabilities

Avira Prime: 2 vulnerabilities

Avira Free Antivirus: 2 vulnerabilities

Avira Software Updater: 2 vulnerabilities

Avira Anti Malware Sdk: 1 vulnerability

Avira Antivirus Server: 1 vulnerability

Avira Exchange Security: 1 vulnerability

Avira Free Security Suite: 1 vulnerability

Avira Password Manager: 1 vulnerability

Avira Phantom Vpn: 1 vulnerability

By the Year

In 2026 there have been 3 vulnerabilities in Avira with an average score of 7.8 out of ten. Avira did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year.




Year Vulnerabilities Average Score
2026 3 7.80
2025 0 0.00
2024 1 0.00
2023 4 6.25
2022 2 7.65
2021 0 0.00
2020 5 0.00
2019 2 0.00

It may take a day or so for new Avira vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Avira Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-27748 Mar 05, 2026
Avira inetSec SoftwareUpdater link resolution deletion pre-v1.1.114
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration.
Avira Internet Security Suite
CVE-2026-27749 Mar 05, 2026
Avira Internet Security <=1.1.109.1990 Deserialization in System Speedup RTO.exe
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
Avira Internet Security Suite
CVE-2026-27750 Mar 05, 2026
Avira Internet Security 1.1.109.1990 TOCTOU Privilege Escalation
Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.
Avira Internet Security Suite
CVE-2023-51636 May 22, 2024
Avira Prime LPE via Symlink Abuse in Spotlight Service
Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600.
Avira Prime
CVE-2023-36673 Aug 09, 2023
Avira Phantom VPN <=2.23.1 macOS ServerIP Leak: Plaintext Traffic to VPN IP
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.
Phantom Vpn
CVE-2023-1900 Apr 19, 2023
Avira EndpointPro Heap Overflow DDoS (fixed 1.0.2303.633)
A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. Issue was fixed with Endpointprotection.exe version 1.0.2303.633.
Antivirus
CVE-2022-4429 Jan 10, 2023
Unquoted Service Path DoS in Avira Security for Windows 1.1.78
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78.
Avira Security
CVE-2022-4294 Jan 10, 2023
CVE-2022-4294: PrivEsc Vulnerability in Norton/Avira/Avast/AVG Antivirus
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Avira Security
CVE-2022-3368 Oct 17, 2022
Privilege Escalation in Avira Security <1.1.72.30556 via Software Updater
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
Avira Security
CVE-2022-28795 Apr 12, 2022
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.
Password Manager
CVE-2020-12680 May 08, 2020
Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability."
Free Antivirus
CVE-2020-12463 May 05, 2020
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to take control of arbitrary files.
Software Updater
CVE-2020-12254 Apr 26, 2020
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.
Antivirus
CVE-2020-8961 Apr 09, 2020
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.
Free Antivirus
CVE-2020-9320 Feb 20, 2020
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product.
Anti Malware Sdk
Antivirus Server
Avira Antivirus For Endpoint
And others...
CVE-2019-18568 Dec 31, 2019
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
CVE-2019-17449 Oct 10, 2019
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges.
Software Updater
CVE-2016-10402 Jul 27, 2017
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
Antivirus
CVE-2010-5153 Aug 25, 2012
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
Premium Security Suite
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).