CVE-2026-23567 - Vulnerability Details

- Integer underflow in Content Distribution Service UDP handler

Description

An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.

Published: 2026-01-29

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An integer underflow occurs in the UDP command handler of the TeamViewer Digital Employee Experience client, exposing a heap‑based buffer overflow that can be triggered by crafted packets sent over UDP. The overflow leads to a service crash, resulting in an unavailability of the Content Distribution Service and denial of service for users who rely on the client.

Affected Systems

The affected product is the TeamViewer DEX Client (formerly 1E Client) for Windows, versions prior to 26.1. The vulnerability applies to installations running on Windows operating systems where the NomadBranch.exe service listens for UDP traffic.

Risk and Exploitability

With a CVSS score of 6.5 and an EPSS probability of less than 1%, the risk is moderate, and the vulnerability is not currently listed in CISA's KEV catalog. The attack vector requires an adjacent network attacker to send specially crafted UDP packets to the service; no public exploit code is referenced, but the buffer overflow can be triggered by an attacker controlling that network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TeamViewer

DEX

unaffected

Version	Status	Constraints
`0`	affected	< 26.1

Configuration 1 [-]

AND

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Teamviewer	Dex	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Update the TeamViewer DEX Client (1E Client) to the latest available version.

OpenCVE Recommended Actions

Upgrade the TeamViewer DEX Client to version 26.1 or later, which contains a patch for the integer underflow and buffer overflow.
Restrict or filter UDP traffic to the NomadBranch.exe service through firewall rules or network segmentation to limit exposure to untrusted hosts.
Monitor the client for repeated service crashes and consider disabling the NomadBranch.exe component or the entire DEX service if it is not required for critical business functions.

Generated by OpenCVE AI on April 18, 2026 at 01:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/

History

Wed, 11 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Teamviewer digital Employee Experience
CPEs		cpe:2.3:a:teamviewer:digital_employee_experience:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Microsoft Microsoft windows Teamviewer digital Employee Experience

Fri, 30 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Teamviewer Teamviewer dex
Vendors & Products		Teamviewer Teamviewer dex

Thu, 29 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.
Title		Integer underflow in Content Distribution Service UDP handler
Weaknesses		CWE-122
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Microsoft Windows

Teamviewer Dex Digital Employee Experience

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:47:13.169Z

Updated: 2026-01-29T16:44:12.331Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23567

Vulnrichment

Updated: 2026-01-29T15:56:35.290Z

NVD

Status : Analyzed

Published: 2026-01-29T09:16:04.340

Modified: 2026-02-11T20:08:43.147

Link: CVE-2026-23567

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:30:16Z

Weaknesses

CWE-122

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object