CVE-2026-23571

Medium CVSS: 6.8

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.

Vendor

Teamviewer

Product

Digital Employee Experience

CWE

CWE-20

Yayın Tarihi

2026-01-29 09:16:04

Güncelleme

2026-02-11 20:22:07

Source Identifier

psirt@teamviewer.com

KEV Date Added

Kategoriler

CWE-20 Digital Employee Experience MEDIUM Teamviewer 2026

Referanslar

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/

Benzer Kayıtlar

Medium

CVE-2026-23565

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23566

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23567

An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution S…

Medium

CVE-2026-23568

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23569

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution S…