Description
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
Published: 2026-01-29
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary command execution via command injection
Action: Patch
AI Analysis

Impact

A command injection flaw exists in the 1E-Nomad-RunPkgStatusRequest instruction of TeamViewer DEX. The lack of proper input validation allows an authenticated user who has actioner privileges to inject and execute arbitrary elevated commands on hosts that are connected to the DEX Portal. This is a type of input validation weakness (CWE‑20) and can compromise confidentiality, integrity, and availability of the affected systems.

Affected Systems

The vulnerability affects the TeamViewer Digital Employee Experience (DEX) client, also known as the 1E Client. Users running a 1E Client version below 24.5 are vulnerable; users of version 24.5 or later are not affected. The issue is present in environments where TeamViewer DEX is deployed and the affected instruction is enabled.

Risk and Exploitability

The CVSS score of 6.8 falls in the Medium severity range. The EPSS probability is below 1%, suggesting a low likelihood of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires valid credentials with actioner role access and the presence of the 1E-Nomad-RunPkgStatusRequest instruction, so the attack surface is restricted to privileged users within authenticated DEX sessions.

Generated by OpenCVE AI on April 18, 2026 at 01:31 UTC.

Remediation

Vendor Solution

Update the TeamViewer DEX Client (1E Client) to the latest available version. Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal.


OpenCVE Recommended Actions

  • Update the TeamViewer DEX Client (1E Client) to the latest available version
  • Remove the 1E-Nomad-RunPkgStatusRequest instruction from the DEX Portal
  • Re‑evaluate and limit actioner privileges to only users that truly need them



Advisories

No advisories yet.

History

Wed, 11 Feb 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Microsoft; Microsoft windows; Teamviewer digital Employee Experience |
| CPEs | | `cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*`; `cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*` |
| Vendors & Products | | Microsoft; Microsoft windows; Teamviewer digital Employee Experience |

Fri, 30 Jan 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Teamviewer; Teamviewer dex |
| Vendors & Products | | Teamviewer; Teamviewer dex |

Thu, 29 Jan 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Thu, 29 Jan 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected. |
| Title | | Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: TV

Published:

Updated: 2026-01-29T16:53:17.959Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23571

Vulnrichment

Updated: 2026-01-29T15:57:21.342Z

NVD

Status: Analyzed

Published: 2026-01-29T09:16:04.867

Modified: 2026-02-11T20:22:07.887

Link: CVE-2026-23571

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses