Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    105 vulnerabilities by TeamViewer

    CVE-2026-8381 (GCVE-0-2026-8381)

    Vulnerability from nvd – Published: 2026-05-22 08:29 – Updated: 2026-05-22 13:45
    VLAI
    Title
    Broken Access Control in TeamViewer DEX Platform (On Premises)
    Summary
    A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with low‑privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - – Missing Authorization
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX (On-premises) Affected: 0 , < 9.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T13:45:22.203910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T13:45:33.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DEX (On-premises)",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u0026nbsp;\u003cspan\u003eAn attacker with\nlow\u003c/span\u003e\u003cspan\u003e\u2011\u003c/span\u003e\u003cspan\u003eprivileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u00a0An attacker with\nlow\u2011privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 \u2013 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T08:29:16.451Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpdate to the\nlatest version (9.2 or the latest version available).\u003c/p\u003e"
                }
              ],
              "value": "Update to the\nlatest version (9.2 or the latest version available)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control in TeamViewer DEX Platform (On Premises)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-8381",
        "datePublished": "2026-05-22T08:29:16.451Z",
        "dateReserved": "2026-05-12T08:47:56.307Z",
        "dateUpdated": "2026-05-22T13:45:33.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2695 (GCVE-0-2026-2695)

    Vulnerability from nvd – Published: 2026-05-13 16:09 – Updated: 2026-05-13 17:45
    VLAI
    Title
    Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX (On-Premises) Affected: 0 , < 9.2 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:19:55.259243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:45:24.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Platform"
              ],
              "product": "DEX (On-Premises)",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA command\ninjection vulnerability was discovered\u0026nbsp;in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u0026nbsp;Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "A command\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T16:09:08.776Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the latest version (v9.2 or the latest available version)."
                }
              ],
              "value": "Update to the latest version (v9.2 or the latest available version)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-2695",
        "datePublished": "2026-05-13T16:09:08.776Z",
        "dateReserved": "2026-02-18T14:30:36.890Z",
        "dateUpdated": "2026-05-13T17:45:24.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23572 (GCVE-0-2026-23572)

    Vulnerability from nvd – Published: 2026-02-05 11:51 – Updated: 2026-02-05 14:11
    VLAI
    Title
    Improper Access Control in TeamViewer clients
    Summary
    Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer Remote Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    TeamViewer Tensor Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    TeamViewer One Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23572",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:10:57.741868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:11:05.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Remote",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Tensor",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "One",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
                }
              ],
              "value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T11:51:20.224Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the latest client version (15.74.5 or the latest version available).\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the latest client version (15.74.5 or the latest version available)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in TeamViewer clients",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an immediate update of the client is not possible\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and the use of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadditional\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;access controls is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequired\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u0026gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u201d.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u003e Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23572",
        "datePublished": "2026-02-05T11:51:20.224Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-02-05T14:11:05.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23571 (GCVE-0-2026-23571)

    Vulnerability from nvd – Published: 2026-01-29 08:41 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , ≤ 20 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:13.887818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:17.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Nomad-RunPkgStatusRequest Instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThanOrEqual": "20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field.\u0026nbsp;Users of 1E Client version 24.5 or higher are not affected."
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field.\u00a0Users of 1E Client version 24.5 or higher are not affected."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:41:45.941Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version.\u0026nbsp;Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version.\u00a0Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23571",
        "datePublished": "2026-01-29T08:41:45.941Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:53:17.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23570 (GCVE-0-2026-23570)

    Vulnerability from nvd – Published: 2026-01-29 08:50 – Updated: 2026-01-29 15:45
    VLAI
    Title
    Log timestamp tampering vulnerability in Content Distribution Service
    Summary
    A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:41:12.827915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T15:45:56.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation."
                }
              ],
              "value": "A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-93",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-93 Log Injection-Tampering-Forging"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:50:52.882Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Log timestamp tampering vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23570",
        "datePublished": "2026-01-29T08:50:52.882Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T15:45:56.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23569 (GCVE-0-2026-23569)

    Vulnerability from nvd – Published: 2026-01-29 08:49 – Updated: 2026-01-29 16:00
    VLAI
    Title
    Out-of-bounds read vulnerability in Content Distribution Service
    Summary
    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:55:21.344277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:00:12.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:49:32.260Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23569",
        "datePublished": "2026-01-29T08:49:32.260Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:00:12.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23568 (GCVE-0-2026-23568)

    Vulnerability from nvd – Published: 2026-01-29 08:48 – Updated: 2026-01-29 16:04
    VLAI
    Title
    Out-of-bounds read vulnerability in Content Distribution Service
    Summary
    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T16:04:33.836893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:04:44.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:48:17.551Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23568",
        "datePublished": "2026-01-29T08:48:17.551Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:04:44.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23567 (GCVE-0-2026-23567)

    Vulnerability from nvd – Published: 2026-01-29 08:47 – Updated: 2026-01-29 16:44
    VLAI
    Title
    Integer underflow in Content Distribution Service UDP handler
    Summary
    An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:32.513279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:44:12.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets."
                }
              ],
              "value": "An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:47:13.169Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow in Content Distribution Service UDP handler",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23567",
        "datePublished": "2026-01-29T08:47:13.169Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:44:12.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23566 (GCVE-0-2026-23566)

    Vulnerability from nvd – Published: 2026-01-29 08:46 – Updated: 2026-01-29 16:44
    VLAI
    Title
    Log Injection in Content Distribution Service UDP Handler
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:46.401061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:44:19.585Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \\Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation."
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \\Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:46:02.075Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Log Injection in Content Distribution Service UDP Handler",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23566",
        "datePublished": "2026-01-29T08:46:02.075Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:44:19.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23565 (GCVE-0-2026-23565)

    Vulnerability from nvd – Published: 2026-01-29 08:44 – Updated: 2026-01-29 16:52
    VLAI
    Title
    Denial-of-Service in Content Distribution Service
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:53.912682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:52:56.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service."
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:44:58.041Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23565",
        "datePublished": "2026-01-29T08:44:58.041Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:52:56.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23564 (GCVE-0-2026-23564)

    Vulnerability from nvd – Published: 2026-01-29 08:43 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Transmission of Unencrypted Data in Content Distribution Service
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:06.915459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:10.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:43:43.799Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Transmission of Unencrypted Data in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23564",
        "datePublished": "2026-01-29T08:43:43.799Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:53:10.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23563 (GCVE-0-2026-23563)

    Vulnerability from nvd – Published: 2026-01-29 08:39 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
    Summary
    Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:26.896440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:26.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E Client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."
                }
              ],
              "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 Symlink Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:39:56.105Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23563",
        "datePublished": "2026-01-29T08:39:56.105Z",
        "dateReserved": "2026-01-14T13:54:40.321Z",
        "dateUpdated": "2026-01-29T16:53:26.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64995 (GCVE-0-2025-64995)

    Vulnerability from nvd – Published: 2025-12-11 11:29 – Updated: 2025-12-11 14:40
    VLAI
    Title
    Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
    Summary
    A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 3.4 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64995",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T14:37:06.691098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T14:40:43.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:29:50.467Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the latest available versions (v3.4 or later)."
                }
              ],
              "value": "Update to the latest available versions (v3.4 or later)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64995",
        "datePublished": "2025-12-11T11:29:50.467Z",
        "dateReserved": "2025-11-12T08:16:25.593Z",
        "dateUpdated": "2025-12-11T14:40:43.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64994 (GCVE-0-2025-64994)

    Vulnerability from nvd – Published: 2025-12-11 11:29 – Updated: 2025-12-11 14:43
    VLAI
    Title
    Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
    Summary
    A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 17.1 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64994",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T14:42:57.887630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T14:43:39.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Nomad-SetWorkRate instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:29:37.364Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On-prem users should update to the latest available version (v17.1 or later). SaaS instances have been updated automatically."
                }
              ],
              "value": "On-prem users should update to the latest available version (v17.1 or later). SaaS instances have been updated automatically."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64994",
        "datePublished": "2025-12-11T11:29:37.364Z",
        "dateReserved": "2025-11-12T08:16:25.593Z",
        "dateUpdated": "2025-12-11T14:43:39.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64993 (GCVE-0-2025-64993)

    Vulnerability from nvd – Published: 2025-12-11 11:29 – Updated: 2025-12-11 14:44
    VLAI
    Title
    Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 29 (custom)
    Create a notification for this product.
    TeamViewer DEX Affected: 0 , < 30 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T14:44:15.369092Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T14:44:21.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-StopConfigMgrClientService"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerApplicationDeploymentEvaluationCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerClientHealthCheck"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerDiscoveryDataCollectionCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerFileCollectionCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerHardwareInventoryCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerMachinePolicyRetrievalAndEvaluationCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerSoftwareInventoryCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerSoftwareMeteringUsageReportCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesDeploymentEvaluationCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesScanCycle"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:29:09.540Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically."
                }
              ],
              "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in 1E-ConfigMgrConsoleExtensions Instructions",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64993",
        "datePublished": "2025-12-11T11:29:09.540Z",
        "dateReserved": "2025-11-12T08:16:25.592Z",
        "dateUpdated": "2025-12-11T14:44:21.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64992 (GCVE-0-2025-64992)

    Vulnerability from nvd – Published: 2025-12-11 11:28 – Updated: 2025-12-11 15:42
    VLAI
    Title
    Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 25 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T15:42:20.267383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T15:42:52.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Nomad-PauseNomadJobQueue Instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:28:53.279Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On-prem users should update to the latest available version (v25 or later). SaaS instances have been updated automatically."
                }
              ],
              "value": "On-prem users should update to the latest available version (v25 or later). SaaS instances have been updated automatically."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64992",
        "datePublished": "2025-12-11T11:28:53.279Z",
        "dateReserved": "2025-11-12T08:16:25.592Z",
        "dateUpdated": "2025-12-11T15:42:52.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64991 (GCVE-0-2025-64991)

    Vulnerability from nvd – Published: 2025-12-11 11:28 – Updated: 2025-12-11 16:17
    VLAI
    Title
    Command Injection in 1E-PatchInsights-Deploy Instruction
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 15 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T16:17:04.277981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T16:17:11.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Explorer-TachyonCore-LogoffUser Instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:28:16.281Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On-prem users should update to the latest available version (v15 or later). SaaS instances have been updated automatically."
                }
              ],
              "value": "On-prem users should update to the latest available version (v15 or later). SaaS instances have been updated automatically."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in 1E-PatchInsights-Deploy Instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64991",
        "datePublished": "2025-12-11T11:28:16.281Z",
        "dateReserved": "2025-11-12T08:16:25.592Z",
        "dateUpdated": "2025-12-11T16:17:11.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64990 (GCVE-0-2025-64990)

    Vulnerability from nvd – Published: 2025-12-11 11:27 – Updated: 2025-12-11 16:23
    VLAI
    Title
    Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 21.1 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T16:21:25.473194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T16:23:42.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Explorer-TachyonCore-LogoffUser Instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "21.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T11:27:42.987Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On-prem users should update to the latest available version (v21.1 or later). SaaS instances have been updated automatically."
                }
              ],
              "value": "On-prem users should update to the latest available version (v21.1 or later). SaaS instances have been updated automatically."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2025-64990",
        "datePublished": "2025-12-11T11:27:42.987Z",
        "dateReserved": "2025-11-12T08:16:25.592Z",
        "dateUpdated": "2025-12-11T16:23:42.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8381 (GCVE-0-2026-8381)

    Vulnerability from cvelistv5 – Published: 2026-05-22 08:29 – Updated: 2026-05-22 13:45
    VLAI
    Title
    Broken Access Control in TeamViewer DEX Platform (On Premises)
    Summary
    A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with low‑privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - – Missing Authorization
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX (On-premises) Affected: 0 , < 9.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T13:45:22.203910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T13:45:33.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DEX (On-premises)",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u0026nbsp;\u003cspan\u003eAn attacker with\nlow\u003c/span\u003e\u003cspan\u003e\u2011\u003c/span\u003e\u003cspan\u003eprivileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u00a0An attacker with\nlow\u2011privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 \u2013 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T08:29:16.451Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpdate to the\nlatest version (9.2 or the latest version available).\u003c/p\u003e"
                }
              ],
              "value": "Update to the\nlatest version (9.2 or the latest version available)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control in TeamViewer DEX Platform (On Premises)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-8381",
        "datePublished": "2026-05-22T08:29:16.451Z",
        "dateReserved": "2026-05-12T08:47:56.307Z",
        "dateUpdated": "2026-05-22T13:45:33.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2695 (GCVE-0-2026-2695)

    Vulnerability from cvelistv5 – Published: 2026-05-13 16:09 – Updated: 2026-05-13 17:45
    VLAI
    Title
    Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX (On-Premises) Affected: 0 , < 9.2 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:19:55.259243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:45:24.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Platform"
              ],
              "product": "DEX (On-Premises)",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA command\ninjection vulnerability was discovered\u0026nbsp;in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u0026nbsp;Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "A command\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T16:09:08.776Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the latest version (v9.2 or the latest available version)."
                }
              ],
              "value": "Update to the latest version (v9.2 or the latest available version)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-2695",
        "datePublished": "2026-05-13T16:09:08.776Z",
        "dateReserved": "2026-02-18T14:30:36.890Z",
        "dateUpdated": "2026-05-13T17:45:24.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23572 (GCVE-0-2026-23572)

    Vulnerability from cvelistv5 – Published: 2026-02-05 11:51 – Updated: 2026-02-05 14:11
    VLAI
    Title
    Improper Access Control in TeamViewer clients
    Summary
    Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer Remote Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    TeamViewer Tensor Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    TeamViewer One Affected: 0 , < 15.74.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23572",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:10:57.741868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:11:05.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Remote",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Tensor",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Full Client",
                "Host"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "One",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "15.74.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
                }
              ],
              "value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T11:51:20.224Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the latest client version (15.74.5 or the latest version available).\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the latest client version (15.74.5 or the latest version available)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in TeamViewer clients",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an immediate update of the client is not possible\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and the use of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadditional\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;access controls is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequired\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u0026gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u201d.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u003e Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23572",
        "datePublished": "2026-02-05T11:51:20.224Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-02-05T14:11:05.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23570 (GCVE-0-2026-23570)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:50 – Updated: 2026-01-29 15:45
    VLAI
    Title
    Log timestamp tampering vulnerability in Content Distribution Service
    Summary
    A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:41:12.827915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T15:45:56.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation."
                }
              ],
              "value": "A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-93",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-93 Log Injection-Tampering-Forging"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:50:52.882Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Log timestamp tampering vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23570",
        "datePublished": "2026-01-29T08:50:52.882Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T15:45:56.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23569 (GCVE-0-2026-23569)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:49 – Updated: 2026-01-29 16:00
    VLAI
    Title
    Out-of-bounds read vulnerability in Content Distribution Service
    Summary
    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:55:21.344277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:00:12.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:49:32.260Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23569",
        "datePublished": "2026-01-29T08:49:32.260Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:00:12.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23568 (GCVE-0-2026-23568)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:48 – Updated: 2026-01-29 16:04
    VLAI
    Title
    Out-of-bounds read vulnerability in Content Distribution Service
    Summary
    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T16:04:33.836893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:04:44.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."
                }
              ],
              "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:48:17.551Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23568",
        "datePublished": "2026-01-29T08:48:17.551Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:04:44.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23567 (GCVE-0-2026-23567)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:47 – Updated: 2026-01-29 16:44
    VLAI
    Title
    Integer underflow in Content Distribution Service UDP handler
    Summary
    An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:32.513279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:44:12.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets."
                }
              ],
              "value": "An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:47:13.169Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer underflow in Content Distribution Service UDP handler",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23567",
        "datePublished": "2026-01-29T08:47:13.169Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:44:12.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23566 (GCVE-0-2026-23566)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:46 – Updated: 2026-01-29 16:44
    VLAI
    Title
    Log Injection in Content Distribution Service UDP Handler
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:46.401061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:44:19.585Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \\Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation."
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \\Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:46:02.075Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Log Injection in Content Distribution Service UDP Handler",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23566",
        "datePublished": "2026-01-29T08:46:02.075Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:44:19.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23565 (GCVE-0-2026-23565)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:44 – Updated: 2026-01-29 16:52
    VLAI
    Title
    Denial-of-Service in Content Distribution Service
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:56:53.912682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:52:56.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service."
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:44:58.041Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23565",
        "datePublished": "2026-01-29T08:44:58.041Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:52:56.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23564 (GCVE-0-2026-23564)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:43 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Transmission of Unencrypted Data in Content Distribution Service
    Summary
    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Threat Hunt Team of Bank of America
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:06.915459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:10.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Content Distribution Service",
                "NomadBranch.exe"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Threat Hunt Team of Bank of America"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:43:43.799Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Transmission of Unencrypted Data in Content Distribution Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23564",
        "datePublished": "2026-01-29T08:43:43.799Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:53:10.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23571 (GCVE-0-2026-23571)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:41 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX
    Summary
    A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , ≤ 20 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:13.887818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:17.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E-Nomad-RunPkgStatusRequest Instruction"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThanOrEqual": "20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field.\u0026nbsp;Users of 1E Client version 24.5 or higher are not affected."
                }
              ],
              "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field.\u00a0Users of 1E Client version 24.5 or higher are not affected."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:41:45.941Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version.\u0026nbsp;Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version.\u00a0Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23571",
        "datePublished": "2026-01-29T08:41:45.941Z",
        "dateReserved": "2026-01-14T13:54:40.322Z",
        "dateUpdated": "2026-01-29T16:53:17.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23563 (GCVE-0-2026-23563)

    Vulnerability from cvelistv5 – Published: 2026-01-29 08:39 – Updated: 2026-01-29 16:53
    VLAI
    Title
    Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
    Summary
    Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    TV
    Impacted products
    Vendor Product Version
    TeamViewer DEX Affected: 0 , < 26.1 (custom)
    Create a notification for this product.
    Credits
    Lockheed Martin Red Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T15:57:26.896440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T16:53:26.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "1E Client"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "DEX",
              "vendor": "TeamViewer",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."
                }
              ],
              "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 Symlink Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-29T08:39:56.105Z",
            "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
            "shortName": "TV"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
                }
              ],
              "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "assignerShortName": "TV",
        "cveId": "CVE-2026-23563",
        "datePublished": "2026-01-29T08:39:56.105Z",
        "dateReserved": "2026-01-14T13:54:40.321Z",
        "dateUpdated": "2026-01-29T16:53:26.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }