CVE-2026-23568 - Vulnerability Details

- Out-of-bounds read vulnerability in Content Distribution Service

Description

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.

Published: 2026-01-29

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out‑of‑bounds read is present in the TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe) on all Windows platforms prior to version 26.1. A crafted network packet sent from an adjacent system can trigger a memory read beyond the allocated buffer, exposing raw memory contents and potentially enabling an attacker to bypass address‑space layout randomization for subsequent exploitation. The vulnerability can also lead to a denial of service if the read causes the client to crash or become unresponsive.

Affected Systems

The affected product is the TeamViewer Digital Employee Experience (DEX) Client, formerly the 1E Client, version 26.1 and earlier on Microsoft Windows. Only the Windows distribution of NomadBranch.exe is impacted; other operating systems are not currently affected.

Risk and Exploitability

With a CVSS score of 5.4 the risk is considered medium. The EPSS score is less than 1 %, indicating a very low probability of exploitation from the public SaaS data set. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a malformed packet injected over the local or adjacent network, requiring network proximity to the victim’s machine and the DEX client to be actively running.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TeamViewer

DEX

unaffected

Version	Status	Constraints
`0`	affected	< 26.1

Configuration 1 [-]

AND

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Teamviewer	Dex	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Update the TeamViewer DEX Client (1E Client) to the latest available version.

OpenCVE Recommended Actions

Upgrade the TeamViewer DEX Client to the latest available version that includes the fix for the out‑of‑bounds read.
If a recent update cannot be applied immediately, disable or uninstall the Content Distribution Service component (NomadBranch.exe) until a fix is available.
Apply network segmentation or firewall rules to restrict local network access to machines running the TeamViewer DEX Client, preventing an attacker from sending the specially crafted packet.

Generated by OpenCVE AI on April 18, 2026 at 01:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00009.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/

History

Wed, 11 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Teamviewer digital Employee Experience
CPEs		cpe:2.3:a:teamviewer:digital_employee_experience:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Microsoft Microsoft windows Teamviewer digital Employee Experience

Fri, 30 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Teamviewer Teamviewer dex
Vendors & Products		Teamviewer Teamviewer dex

Thu, 29 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
Title		Out-of-bounds read vulnerability in Content Distribution Service
Weaknesses		CWE-125
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}`

Subscriptions

Microsoft Windows

Teamviewer Dex Digital Employee Experience

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:48:17.551Z

Updated: 2026-01-29T16:04:44.937Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23568

Vulnrichment

Updated: 2026-01-29T16:04:40.962Z

NVD

Status : Analyzed

Published: 2026-01-29T09:16:04.473

Modified: 2026-02-11T20:09:18.650

Link: CVE-2026-23568

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:30:16Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object