CVE-2026-23571 - Vulnerability Details - OpenCVE

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/

History

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
Title		Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX
Weaknesses		CWE-20
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:41:45.941Z

Updated: 2026-01-29T08:41:45.941Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23571

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-29T09:16:04.867

Modified: 2026-01-29T09:16:04.867

Link: CVE-2026-23571

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23571", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2026-01-14T13:54:40.322Z", "datePublished": "2026-01-29T08:41:45.941Z", "dateUpdated": "2026-01-29T08:41:45.941Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["1E-Nomad-RunPkgStatusRequest Instruction"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field. Users of 1E Client version 24.5 or higher are not affected."}], "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction\u2019s input field.\u00a0Users of 1E Client version 24.5 or higher are not affected."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-01-29T08:41:45.941Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version. Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."}], "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version.\u00a0Remove the instruction 1E-Nomad-RunPkgStatusRequest from DEX Portal."}], "source": {"discovery": "UNKNOWN"}, "title": "Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}