CVE-2026-23568

Medium

Published: 29 January 2026

Published

29 January 2026

Modified

11 February 2026

KEV Added

—

Patch

—

CVSS Score 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score 0.0001 1.0th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23568 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Teamviewer Digital Employee Experience. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Credential Access (T1212) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access

Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

Out-of-bounds read directly enables memory disclosure (T1005) from the local process; leaked data supports ASLR bypass and credential access (T1212) to facilitate further exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet.…

The leaked memory could be used to bypass ASLR and facilitate further exploitation.

Deeper analysisAI

CVE-2026-23568 is an out-of-bounds read vulnerability (CWE-125) in the TeamViewer DEX Client, formerly known as the 1E Client, specifically the Content Distribution Service component (NomadBranch.exe) in versions prior to 26.1 for Windows. The issue enables an attacker on the adjacent network to cause information disclosure or denial-of-service through a specially crafted packet. Leaked memory from the vulnerability could be used to bypass Address Space Layout Randomization (ASLR) and support additional exploitation.

Attackers on the adjacent network can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Per the CVSS v3.1 score of 5.4 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L), exploitation yields low-impact confidentiality loss via memory disclosure and low-impact availability disruption through denial-of-service, without affecting integrity or changing scope.

TeamViewer's security bulletin TV-2026-1001 provides details on mitigation for this vulnerability: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/.

Details

CWE(s): CWE-125

Affected Products

teamviewer

digital employee experience

≤ 26.1

CVEs Like This One

CVE-2026-23569Same product: Microsoft Windows

CVE-2026-23563Same product: Microsoft Windows

CVE-2025-44016Same product: Microsoft Windows

CVE-2025-24991Same vendor: Microsoft

CVE-2026-27294Same product: Microsoft Windows

CVE-2026-25181Same vendor: Microsoft

CVE-2026-32853Shared CWE-125

CVE-2026-21322Same product: Microsoft Windows

CVE-2026-27269Same product: Microsoft Windows

CVE-2026-21345Same product: Microsoft Windows

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
Vendor Advisory · psirt@teamviewer.com