CVE-2026-23569
Published: 29 January 2026
Summary
CVE-2026-23569 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Teamviewer Digital Employee Experience. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds read enables remote stack memory disclosure (T1005/T1082) from the NomadBranch service and DoS via crafted requests (T1499.004); ASLR bypass directly facilitates remote service exploitation (T1210) and follow-on attacks.
NVD Description
An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request.…
more
The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
Deeper analysisAI
CVE-2026-23569 is an out-of-bounds read vulnerability (CWE-125) affecting the TeamViewer DEX Client, formerly known as the 1E Client, specifically in its Content Distribution Service component (NomadBranch.exe) for Windows in versions prior to 26.1. Published on 2026-01-29, the flaw has a CVSS v3.1 base score of 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). It allows a remote attacker to leak stack memory and induce a denial of service via a crafted request, with the leaked memory potentially usable to bypass Address Space Layout Randomization (ASLR) remotely and enable exploitation of other vulnerabilities on the system.
An attacker on an adjacent network can exploit this vulnerability without privileges or user interaction, requiring only low complexity to send a malicious request to the vulnerable NomadBranch.exe process. This results in stack memory disclosure, providing insights into the memory layout that could defeat ASLR protections, alongside a denial of service that disrupts service availability.
The TeamViewer security bulletin at https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/ provides further details on mitigation and patches for this issue.
Details
- CWE(s)