CVE-2026-23571
Unknown Unknown - Not Provided
Command Injection in TeamViewer DEX 1E-Nomad Component

Publication date: 2026-01-29

Last updated on: 2026-02-11

Assigner: TeamViewer Germany GmbH

Description
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field.Β Users of 1E Client version 24.5 or higher are not affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23571
EUVD
EUVD-2026-4981
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
teamviewer digital_employee_experience to 26.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in TeamViewer DEX, specifically in the 1E-Nomad-RunPkgStatusRequest instruction. It occurs because of improper input validation, allowing authenticated attackers with actioner privileges to execute elevated arbitrary commands on connected hosts by injecting malicious commands into the instruction's input field. Users with 1E Client version 24.5 or higher are not affected.

Impact Analysis

An attacker with actioner privileges could exploit this vulnerability to run arbitrary commands with elevated privileges on connected hosts. This could lead to unauthorized control over systems, data compromise, disruption of services, or further exploitation within the network.

Mitigation Strategies

Users should upgrade to 1E Client version 24.5 or higher, as these versions are not affected by the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart