CVE-2026-8381

MEDIUM

Broken Access Control in TeamViewer DEX Platform (On Premises)

Title source: cna

Description

A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with low‑privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.

References (1)

Core 1

Core References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

TeamViewer/DEX (On-premises) < 9.2

Published May 22, 2026

Tracked Since May 22, 2026