CVE-2026-23571
Last modified
CVE-2026-23571 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Teamviewer | Digital Employee Experience | < 26.1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-23571?
How severe is CVE-2026-23571?
How do I fix CVE-2026-23571?
Are you affected by CVE-2026-23571?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST