CVE-2026-23571
Unknown Unknown - Not Provided

Command Injection in TeamViewer DEX 1E-Nomad Component

Vulnerability report for CVE-2026-23571, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-29

Last updated on: 2026-02-11

Assigner: TeamViewer Germany GmbH

Description

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field.Β Users of 1E Client version 24.5 or higher are not affected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-29
Last Modified
2026-02-11
Generated
2026-07-06
AI Q&A
2026-01-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
teamviewer digital_employee_experience to 26.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in TeamViewer DEX, specifically in the 1E-Nomad-RunPkgStatusRequest instruction. It occurs because of improper input validation, allowing authenticated attackers with actioner privileges to execute elevated arbitrary commands on connected hosts by injecting malicious commands into the instruction's input field. Users with 1E Client version 24.5 or higher are not affected.

Impact Analysis

An attacker with actioner privileges could exploit this vulnerability to run arbitrary commands with elevated privileges on connected hosts. This could lead to unauthorized control over systems, data compromise, disruption of services, or further exploitation within the network.

Mitigation Strategies

Users should upgrade to 1E Client version 24.5 or higher, as these versions are not affected by the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart