Impact
A missing validation check in the TeamViewer DEX Client allows an attacker on the same local network to forge timestamps in logs by sending a crafted UDP Sync command to the Content Distribution Service (NomadBranch.exe). This manipulation can create forged or nonsensical datetime prefixes, undermining the trustworthiness of audit trails, incident response records, and forensic investigations. The vulnerability does not grant code execution or system takeover, but it erodes confidence in system monitoring and log integrity.
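One way to triage a log for the forged or nonsensical datetime prefixes described above. This is an added example, not TeamViewer or OpenCVE code. The `YYYY-MM-DD HH:MM:SS` prefix layout, the function name, the thresholds and the sample lines are assumptions constructed for illustration, since the page does not give the client's log format.

```python
from datetime import datetime, timedelta

# Assumed prefix layout; the real client log layout is not given on this page,
# so adjust PREFIX_FORMAT and PREFIX_LEN for the file being audited.
PREFIX_FORMAT = "%Y-%m-%d %H:%M:%S"
PREFIX_LEN = 19


def audit_timestamps(lines, collected_at,
                     max_backstep=timedelta(seconds=5),
                     max_age=timedelta(days=365)):
    """Return (line_no, reason) findings for suspicious datetime prefixes."""
    findings = []
    last_good = None  # last timestamp that passed every check
    for no, line in enumerate(lines, start=1):
        try:
            ts = datetime.strptime(line[:PREFIX_LEN], PREFIX_FORMAT)
        except ValueError:
            findings.append((no, "unparseable"))      # nonsensical prefix
            continue
        if ts > collected_at:
            findings.append((no, "future"))           # later than collection
        elif collected_at - ts > max_age:
            findings.append((no, "implausibly-old"))  # outside retention window
        elif last_good is not None and last_good - ts > max_backstep:
            findings.append((no, "backstep"))         # time ran backwards
        else:
            # Only clean lines move the baseline, so one forged entry
            # cannot hide the entries that follow it.
            last_good = ts
    return findings


# Constructed sample lines (not real product output).
SAMPLE = [
    "2026-01-10 09:00:01 event A",
    "2026-01-10 09:00:03 event B",
    "2031-07-04 00:00:00 event C",
    "2026-01-10 09:00:07 event D",
    "9999-99-99 99:99:99 event E",
    "2026-01-10 08:12:44 event F",
    "1999-12-31 23:59:59 event G",
    "2026-01-10 09:00:09 event H",
]
COLLECTED_AT = datetime(2026, 1, 10, 12, 0, 0)  # constructed collection time

if __name__ == "__main__":
    for line_no, reason in audit_timestamps(SAMPLE, COLLECTED_AT):
        print(f"line {line_no}: {reason}")
```

Flagged lines are leads for correlation with an independent time source such as a central log collector's receive time, not proof of tampering on their own.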
Affected Systems
The vulnerability affects the TeamViewer Digital Employee Experience (DEX) Client, formerly known as the 1E Client, on Windows operating systems. It applies to all releases prior to version 26.1 of the client. Devices running older versions of the client connected to a local or adjacent network are exposed.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires an adjacent network attacker to send a specially crafted UDP Sync command, which implies that susceptible systems must accept UDP traffic from the local network or from a compromised machine on the same subnet. Attackers in this setting can tamper with log timestamps but would not gain broader system control.