CVE-2026-23563 - Vulnerability Details

- Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction

Description

Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.

Published: 2026-01-29

Score: 5.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw arises from insecure link resolution before file access within the DeleteFileByPath instruction of TeamViewer DEX’s 1E‑Client. An attacker with low‑privileged local access can craft a symbolic link or RPC junction to point to protected system files. When the client resolves the link and deletes it, the attacker deletes critical files, potentially compromising the system’s integrity and enabling further privilege escalation.

Affected Systems

TeamViewer’s Digital Employee Experience (DEX) 1E‑Client running on Windows prior to version 26.1. Only Windows hosts that have the DEX client installed and are exposed to local users are impacted.

Risk and Exploitability

The CVSS score of 5.7 denotes moderate severity, while the EPSS < 1 % suggests a low probability of public exploitation. The vulnerability requires local execution; an attacker must have local user or process access and uses the DeleteFileByPath RPC control. Because it is not listed in the CISA KEV catalog, no publicly known exploits are documented, but the local impact is sufficient for administrators to apply the vendor patch promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TeamViewer

DEX

unaffected

Version	Status	Constraints
`0`	affected	< 26.1

Configuration 1 [-]

AND

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Teamviewer	Dex	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Update the TeamViewer DEX Client (1E Client) to the latest available version.

OpenCVE Recommended Actions

Upgrade the TeamViewer DEX client to the latest version (≥ 26.1) to remove the insecure link resolution logic.
Disable or uninstall the DEX client if it is not required to eliminate the attack surface.
Strengthen local user permissions and enforce system file protection to reduce the impact of unauthorized deletion attempts.

Generated by OpenCVE AI on April 18, 2026 at 01:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/

History

Wed, 11 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Teamviewer digital Employee Experience
CPEs		cpe:2.3:a:teamviewer:digital_employee_experience:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Microsoft Microsoft windows Teamviewer digital Employee Experience

Fri, 30 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Teamviewer Teamviewer dex
Vendors & Products		Teamviewer Teamviewer dex

Thu, 29 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
Title		Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
Weaknesses		CWE-59
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/
Metrics		cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H'}`

Subscriptions

Microsoft Windows

Teamviewer Dex Digital Employee Experience

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:39:56.105Z

Updated: 2026-01-29T16:53:26.845Z

Reserved: 2026-01-14T13:54:40.321Z

Link: CVE-2026-23563

Vulnrichment

Updated: 2026-01-29T15:57:29.097Z

NVD

Status : Analyzed

Published: 2026-01-29T09:16:03.793

Modified: 2026-02-11T19:20:41.057

Link: CVE-2026-23563

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses

CWE-59

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object