CVE-2026-23566
Log Injection Vulnerability in TeamViewer DEX Client UDP Handler
Publication date: 2026-01-29
Last updated on: 2026-02-11
Assigner: TeamViewer Germany GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teamviewer | digital_employee_experience | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows. It allows an attacker on the adjacent network to inject, tamper with, or forge log entries in the Nomad Branch.log file by sending crafted data to the UDP network handler. This compromises the integrity of the logs and affects their reliability.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to alter or forge log entries, which undermines the integrity and trustworthiness of the logs. This can affect nonrepudiation, meaning it may be difficult to prove actions or events recorded in the logs, potentially hiding malicious activity or causing incorrect audit trails.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability impacts log integrity and nonrepudiation by allowing an attacker to inject, tamper with, or forge log entries. This could potentially affect compliance with standards and regulations that require accurate and tamper-proof logging, such as GDPR and HIPAA, which mandate maintaining the integrity of audit logs for security and accountability purposes.