CVE-2026-23568

Medium

Published: 29 January 2026

Modified: 11 February 2026
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
EPSS Score: 0.0020 (9.4th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-23568 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in TeamViewer Digital Employee Experience. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 9.4th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-23568 is an out-of-bounds read vulnerability (CWE-125) in the TeamViewer DEX Client, formerly known as the 1E Client, specifically the Content Distribution Service component (NomadBranch.exe) in versions prior to 26.1 for Windows. The issue enables an attacker on the adjacent network to cause information disclosure or denial-of-service through a specially crafted packet. Leaked memory from the vulnerability could be used to bypass Address Space Layout Randomization (ASLR) and support additional exploitation.

Attackers on the adjacent network can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Per the CVSS v3.1 score of 5.4 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L), exploitation yields low-impact confidentiality loss via memory disclosure and low-impact availability disruption through denial-of-service, without affecting integrity or changing scope.

TeamViewer's security bulletin TV-2026-1001 provides details on mitigation for this vulnerability: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/.

Vulnerability details

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a specially crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (Credential Access): Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Out-of-bounds read directly enables memory disclosure (T1005) from the local process; leaked data supports ASLR bypass and credential access (T1212) to facilitate further exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23569 (Same product: Microsoft Windows)
CVE-2025-44016 (Same product: Microsoft Windows)
CVE-2026-23563 (Same product: Microsoft Windows)
CVE-2025-24991 (Same vendor: Microsoft)
CVE-2026-40360 (Same vendor: Microsoft)
CVE-2026-27294 (Same product: Microsoft Windows)
CVE-2026-9907 (Same product: Microsoft Windows)
CVE-2026-9928 (Same product: Microsoft Windows)
CVE-2026-25181 (Same vendor: Microsoft)
CVE-2026-32853 (Shared CWE-125)

Affected Assets

teamviewer digital employee experience, versions ≤ 26.1

Mitigating Controls (NIST 800-53 r5, AI)

prevent: Directly enforces validation of crafted network packets to NomadBranch.exe, preventing the out-of-bounds read that leads to memory disclosure and DoS.

prevent: Restricts inbound traffic from adjacent networks to the vulnerable Content Distribution Service, limiting exposure to unauthenticated crafted packets.

prevent: Applies memory protection mechanisms that can block or contain the information leakage used to bypass ASLR after an out-of-bounds read.