CVE-2026-23566

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-29 09:16

Updated : 2026-02-11 19:42

NVD link : CVE-2026-23566

Mitre link : CVE-2026-23566

CVE.ORG link : CVE-2026-23566

JSON object : View

Products Affected

microsoft

windows

teamviewer

digital_employee_experience

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2026-23566", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@teamviewer.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-01-29T09:16:04.217", "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/", "tags": ["Vendor Advisory"], "source": "psirt@teamviewer.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@teamviewer.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \\Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation."}, {"lang": "es", "value": "Una vulnerabilidad en TeamViewer DEX Client (anteriormente 1E Client) - Servicio de Distribuci\u00f3n de Contenido (NomadBranch.exe) anterior a la versi\u00f3n 26.1 para Windows permite a un atacante en la red adyacente inyectar, manipular o falsificar entradas de registro en \\Nomad Branch.log a trav\u00e9s de datos manipulados enviados al manejador de red UDP. Esto puede impactar la integridad del registro y la no repudiaci\u00f3n."}], "lastModified": "2026-02-11T19:42:27.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2A5CE4-D147-45E1-8D16-3257B6E79E70", "versionEndExcluding": "26.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@teamviewer.com"}