CVE-2026-23570

MEDIUM

TeamViewer DEX Client <26.1 - Info Disclosure

Title source: llm

Description

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.

References (1)

[Vendor Advisory] https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

teamviewer/digital_employee_experience < 26.1

Published Jan 29, 2026

Tracked Since Feb 18, 2026