CVE-2026-23572
Published: 05 February 2026
Summary
CVE-2026-23572 is a high-severity Incorrect Authorization (CWE-863) vulnerability in TeamViewer (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). The vulnerability ranks at the 24.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-17 (Remote Access).
Deeper analysis
CVE-2026-23572 is an improper access control vulnerability (CWE-863) in the TeamViewer Full and Host clients for Windows, macOS, and Linux versions prior to 15.74.5. The flaw enables an authenticated user to bypass additional access controls when the "Allow after confirmation" configuration is enabled during a remote session, resulting in unauthorized access prior to local confirmation by the machine owner.
Exploitation requires the attacker to first authenticate to the remote session using ID/password, Session Link, or Easy Access, granting high privileges (PR:H). From there, an attacker can trigger the bypass over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within unchanged scope (S:U). The CVSS v3.1 base score is 7.2.
TeamViewer's security bulletin (TV-2026-1003) at https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/ provides further details on the issue, with mitigation centered on updating to version 15.74.5 or later to address the improper access controls.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5555
Vulnerability details
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior to version 15.74.5 allows an authenticated user to bypass additional access controls with the “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.
- CWE(s): CWE-863 (Incorrect Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
- External Remote Services (T1133)
Why these techniques?
Vulnerability bypasses confirmation controls in remote access software after valid auth, directly enabling unauthorized external remote services and remote service abuse.
Mitigating Controls (NIST 800-53 r5, AI)
- AC-3 (Access Enforcement): Directly enforces the intended access-control policy for the "Allow after confirmation" remote-session feature that the CVE bypasses.
- AC-17 (Remote Access): Requires explicit authorization, monitoring, and control of remote-access sessions such as TeamViewer ID/password or Easy Access connections.
- Limits privileges granted to an already-authenticated remote user so that a confirmation bypass cannot escalate to full unauthorized access.