Cyber Resilience

CVE-2026-23572

Severity: High

Published: 05 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: available (see vendor bulletin)
CVSS Score (v3.1): 7.2, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0008 (24.3rd percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-23572 is a high-severity Incorrect Authorization (CWE-863) vulnerability in TeamViewer (product inferred from references). Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). EPSS ranks it at the 24.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-17 (Remote Access).

Deeper analysis

CVE-2026-23572 is an improper access control vulnerability (CWE-863) in the TeamViewer Full and Host clients for Windows, macOS, and Linux versions prior to 15.74.5. The flaw enables an authenticated user to bypass additional access controls when the "Allow after confirmation" configuration is enabled during a remote session, resulting in unauthorized access prior to local confirmation by the machine owner.

Exploitation requires the attacker to first authenticate to the remote session using ID/password, Session Link, or Easy Access; CVSS models this prerequisite as high privileges required (PR:H). From there, the bypass is triggered over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and unchanged scope (S:U). The CVSS v3.1 base score is 7.2.

TeamViewer's security bulletin (TV-2026-1003) at https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/ provides further details on the issue, with mitigation centered on updating to version 15.74.5 or later to address the improper access controls.


Vulnerability details

Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior to version 15.74.5 allows an authenticated user to bypass additional access controls with the “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.

CWE(s)

CWE-863 Incorrect Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1133 External Remote Services (Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

T1021 Remote Services (Lateral Movement)
Adversaries may use [Valid Accounts](https://attack.
Why these techniques?

The vulnerability bypasses confirmation controls in remote-access software after valid authentication, which maps directly to unauthorized use of external remote services and abuse of remote services.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-48064 (shared CWE-863)
CVE-2026-42843 (shared CWE-863)
CVE-2025-21565 (shared CWE-863)
CVE-2026-28951 (shared CWE-863)
CVE-2026-44110 (shared CWE-863)
CVE-2025-55177 (shared CWE-863)
CVE-2026-46823 (shared CWE-863)
CVE-2026-42432 (shared CWE-863)
CVE-2026-24851 (shared CWE-863)
CVE-2026-44260 (shared CWE-863)

Affected Assets

TeamViewer
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

AC-3 Access Enforcement (prevent)
Directly enforces the intended access-control policy for the "Allow after confirmation" remote-session feature that the CVE bypasses.

AC-17 Remote Access, partial match (prevent)
Requires explicit authorization, monitoring, and control of remote-access sessions such as TeamViewer ID/password or Easy Access connections.

Privilege limitation (prevent)
Limits privileges granted to an already-authenticated remote user so that a confirmation bypass cannot escalate to full unauthorized access.

References

TeamViewer security bulletin TV-2026-1003: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/