CVE-2026-2695 (GCVE-0-2026-2695)
Vulnerability from cvelistv5 – Published: 2026-05-13 16:09 – Updated: 2026-05-13 17:45
VLAI?
Title
Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)
Summary
A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users with at least questioner privileges to inject commands in specific
instructions. Exploitation could lead to execution of elevated commands on
devices connected to the platform.
Severity ?
6.3 (Medium)
CWE
- CWE-20 - Improper input validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TeamViewer | DEX (On-Premises) |
Affected:
0 , < 9.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T17:19:55.259243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:45:24.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Platform"
],
"product": "DEX (On-Premises)",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command\ninjection vulnerability was discovered\u0026nbsp;in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u0026nbsp;Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "A command\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T16:09:08.776Z",
"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"shortName": "TV"
},
"references": [
{
"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the latest version (v9.2 or the latest available version)."
}
],
"value": "Update to the latest version (v9.2 or the latest available version)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"assignerShortName": "TV",
"cveId": "CVE-2026-2695",
"datePublished": "2026-05-13T16:09:08.776Z",
"dateReserved": "2026-02-18T14:30:36.890Z",
"dateUpdated": "2026-05-13T17:45:24.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2695",
"date": "2026-05-19",
"epss": "0.00092",
"percentile": "0.25597"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2695\",\"sourceIdentifier\":\"psirt@teamviewer.com\",\"published\":\"2026-05-13T17:16:19.453\",\"lastModified\":\"2026-05-13T18:10:51.227\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A command\\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\\nauthenticated users with at least questioner privileges to inject commands in specific\\ninstructions. Exploitation could lead to execution of elevated commands on\\ndevices connected to the platform.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@teamviewer.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"psirt@teamviewer.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/\",\"source\":\"psirt@teamviewer.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2695\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T17:19:55.259243Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T17:45:18.243Z\"}}], \"cna\": {\"title\": \"Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Lockheed Martin Red Team\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TeamViewer\", \"modules\": [\"Platform\"], \"product\": \"DEX (On-Premises)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"9.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to the latest version (v9.2 or the latest available version).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to the latest version (v9.2 or the latest available version).\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A command\\ninjection vulnerability was discovered\\u00a0in TeamViewer DEX Platform On-Premises\\n(former 1E DEX Platform On-Premises) prior to version 9.2.\\u00a0Improper input validation allows\\nauthenticated users with at least questioner privileges to inject commands in specific\\ninstructions. Exploitation could lead to execution of elevated commands on\\ndevices connected to the platform.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA command\\ninjection vulnerability was discovered\u0026nbsp;in TeamViewer DEX Platform On-Premises\\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u0026nbsp;Improper input validation allows\\nauthenticated users with at least questioner privileges to inject commands in specific\\ninstructions. Exploitation could lead to execution of elevated commands on\\ndevices connected to the platform.\u0026nbsp;\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper input validation\"}]}], \"providerMetadata\": {\"orgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"shortName\": \"TV\", \"dateUpdated\": \"2026-05-13T16:09:08.776Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2695\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T17:45:24.249Z\", \"dateReserved\": \"2026-02-18T14:30:36.890Z\", \"assignerOrgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"datePublished\": \"2026-05-13T16:09:08.776Z\", \"assignerShortName\": \"TV\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…