CVE-2026-23568
Published: 29 January 2026
Summary
CVE-2026-23568 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in TeamViewer Digital Employee Experience. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 9.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-23568 is an out-of-bounds read vulnerability (CWE-125) in the TeamViewer DEX Client, formerly known as the 1E Client, specifically the Content Distribution Service component (NomadBranch.exe) in versions prior to 26.1 for Windows. The issue enables an attacker on the adjacent network to cause information disclosure or denial-of-service through a specially crafted packet. Leaked memory from the vulnerability could be used to bypass Address Space Layout Randomization (ASLR) and support additional exploitation.
Attackers on the adjacent network can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Per the CVSS v3.1 score of 5.4 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L), exploitation yields low-impact confidentiality loss via memory disclosure and low-impact availability disruption through denial-of-service, without affecting integrity or changing scope.
TeamViewer's security bulletin TV-2026-1001 provides details on mitigation for this vulnerability: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4992
Vulnerability details
An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a specially crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds read directly enables memory disclosure (T1005) from the local process; leaked data supports ASLR bypass and credential access (T1212) to facilitate further exploitation.
Mitigating Controls (NIST 800-53 r5)
- Directly enforces validation of crafted network packets to NomadBranch.exe, preventing the out-of-bounds read that leads to memory disclosure and DoS.
- Restricts inbound traffic from adjacent networks to the vulnerable Content Distribution Service, limiting exposure to unauthenticated crafted packets.
- Applies memory protection mechanisms that can block or contain the information leakage used to bypass ASLR after an out-of-bounds read.