CVE-2026-23571— Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23571
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX
Source: NVD (National Vulnerability Database)
Vulnerability Description
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
TeamViewer DEX Client 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TeamViewer DEX Client是德国TeamViewer公司的一个数字化员工体验和终端管理软件。 TeamViewer DEX Client存在安全漏洞,该漏洞源于输入验证不当,可能导致经过身份验证的攻击者通过恶意命令注入执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TeamViewer | DEX | 0 ~ 20 | - |
II. Public POCs for CVE-2026-23571
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23571
请登录查看更多情报信息。
Same Patch Batch · TeamViewer · 2026-01-29 · 9 CVEs total
| CVE-2026-23570 | 6.5 MEDIUM | Log timestamp tampering vulnerability in Content Distribution Service |
| CVE-2026-23569 | 6.5 MEDIUM | Out-of-bounds read vulnerability in Content Distribution Service |
| CVE-2026-23564 | 6.5 MEDIUM | Transmission of Unencrypted Data in Content Distribution Service |
| CVE-2026-23565 | 6.5 MEDIUM | Denial-of-Service in Content Distribution Service |
| CVE-2026-23567 | 6.5 MEDIUM | Integer underflow in Content Distribution Service UDP handler |
| CVE-2026-23566 | 6.5 MEDIUM | Log Injection in Content Distribution Service UDP Handler |
| CVE-2026-23563 | 5.7 MEDIUM | Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction |
| CVE-2026-23568 | 5.4 MEDIUM | Out-of-bounds read vulnerability in Content Distribution Service |
IV. Related Vulnerabilities
Same product: DEX
- CVE-2026-23570
Log timestamp tampering vulnerability in Content Distributio - CVE-2026-23569
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23568
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23567
Integer underflow in Content Distribution Service UDP handle - CVE-2026-23566
Log Injection in Content Distribution Service UDP Handler
Same vendor: TeamViewer
- CVE-2026-23572
Improper Access Control in TeamViewer clients - CVE-2026-23570
Log timestamp tampering vulnerability in Content Distributio - CVE-2026-23569
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23568
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23567
Integer underflow in Content Distribution Service UDP handle
Same weakness: CWE-20
V. Comments for CVE-2026-23571
No comments yet