CVE-2026-23569 - Vulnerability Details

- Out-of-bounds read vulnerability in Content Distribution Service

Description

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.

Published: 2026-01-29

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out-of-bounds read was discovered in the TeamViewer DEX Client (formerly 1E Client) Content Distribution Service (NomadBranch.exe). The flaw permits an attacker that can send a crafted request to trigger the read, exposing stack memory that can be used to bypass address space layout randomization and to crash the application, resulting in a denial of service. The weakness is classified as CWE‑125.

Affected Systems

The vulnerability affects the TeamViewer Digital Employee Experience (DEX) Client for Windows prior to version 26.1. Administrators should verify whether NomadBranch.exe is deployed on their Windows endpoints, as it is the component that processes external requests. Windows operating systems serve as the host, but the bug is specific to the DEX client binary.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation at this time. The vulnerability has not been listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is remote, via a network request to the vulnerable service; an attacker does not need local privileges. If exploited, the primary impact would be memory disclosure and service disruption, and the leaked data could facilitate further attacks such as ASLR bypass at the host.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TeamViewer

DEX

unaffected

Version	Status	Constraints
`0`	affected	< 26.1

Configuration 1 [-]

AND

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Teamviewer	Dex	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Update the TeamViewer DEX Client (1E Client) to the latest available version.

OpenCVE Recommended Actions

Update the TeamViewer DEX Client to a version equal to or newer than 26.1, which removes the out-of-bounds read.
If an immediate update is not possible, block external access to NomadBranch.exe or disable the Content Distribution Service altogether to prevent remote requests.
Apply general Windows security best practices, including keeping the operating system patched and configuring firewalls to restrict unnecessary inbound traffic.

Generated by OpenCVE AI on April 18, 2026 at 01:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/

History

Wed, 11 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Teamviewer digital Employee Experience
CPEs		cpe:2.3:a:teamviewer:digital_employee_experience:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Microsoft Microsoft windows Teamviewer digital Employee Experience

Fri, 30 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Teamviewer Teamviewer dex
Vendors & Products		Teamviewer Teamviewer dex

Thu, 29 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
Title		Out-of-bounds read vulnerability in Content Distribution Service
Weaknesses		CWE-125
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Microsoft Windows

Teamviewer Dex Digital Employee Experience

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:49:32.260Z

Updated: 2026-01-29T16:00:12.743Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23569

Vulnrichment

Updated: 2026-01-29T16:00:07.495Z

NVD

Status : Analyzed

Published: 2026-01-29T09:16:04.603

Modified: 2026-02-11T20:10:07.267

Link: CVE-2026-23569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:30:16Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object