TeamViewer An All-in-One solution for remote access and support over the internet.

Known Exploited TeamViewer Vulnerabilities

The following TeamViewer vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

By the Year

In 2026 there have been 11 vulnerabilities in TeamViewer with an average score of 6.4 out of ten. Last year, in 2025 TeamViewer had 16 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in TeamViewer in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.26

Recent TeamViewer Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2026-2695	May 13, 2026	Command Injection in TeamViewer DEX Platform On-Premises <9.2 A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform.
CVE-2026-23572	Feb 05, 2026	Improper AC in TeamViewer Full/Host v<15.74.5 Improper access control intheTeamViewerFull and Host clients(Windows,macOS, Linux)priorversion15.74.5 allows an authenticated userto bypassadditionalaccess controls withAllow afterconfirmationconfigurationinaremote session.An exploit could result in unauthorized access prior to local confirmation.The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.	Teamviewer
CVE-2026-23570	Jan 29, 2026	TeamViewer DEX Client <26.1: UDP Sync can forge log timestamps NomadBranch.exe A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.
CVE-2026-23569	Jan 29, 2026	OOB Read in TeamViewer DEX Client <26.1 via NomadBranch.exe Enables DoS & Leak An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
CVE-2026-23568	Jan 29, 2026	TeamViewer DEX Client <=26.1 OOB Read in NomadBranch.exe (Info Disclosure/DOS) An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
CVE-2026-23567	Jan 29, 2026	TeamViewer DEX Client <26.1: Integer Underflow in UDP Handler Causing DoS An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.
CVE-2026-23566	Jan 29, 2026	TeamViewer DEX Client pre26.1 UDP log injection (NomadBranch.exe) A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.
CVE-2026-23565	Jan 29, 2026	TeamViewer DEX Client 26.1 NOMABRANCH.exe DoS via crafted requests A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service.
CVE-2026-23564	Jan 29, 2026	TeamViewer DEX Client <26.1: UDP Cleartext Leak (NomadBranch.exe) A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
CVE-2026-23571	Jan 29, 2026	Command Injection in TeamViewer DEX 1E-Nomad RunPkgStatus (<=24.5) A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instructions input field. Users of 1E Client version 24.5 or higher are not affected.
CVE-2026-23563	Jan 29, 2026	TeamViewer DEX 1E Client <26.1 - Link Resolution Deletes System Files Improper Link Resolution Before File Access (invoked by 1EExplorerTachyonCoreDeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a lowprivileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
CVE-2025-64995	Dec 11, 2025	Privilege Escalation in TeamViewer DEX <3.4 A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.
CVE-2025-64994	Dec 11, 2025	Privilege Escalation in TeamViewer DEX 1ENomadSetWorkRate before V17.1 A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.
CVE-2025-64993	Dec 11, 2025	TeamViewer DEX Command Injection in 1EConfigMgrExt Allows Authenticated Remote Exec A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64992	Dec 11, 2025	TeamViewer DEX: Command Injection via 1E-Nomad (CVE202564992) A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64991	Dec 11, 2025	TeamViewer DEX Command Injection via 1E-PatchInsights-Deploy (CVE-2025-64991) A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64990	Dec 11, 2025	Command Injection in TeamViewer DEX 1E-Explorer-TachyonCore Logoff prior v21.1 A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64989	Dec 11, 2025	Vuln: Authenticated Cmd Injection in TeamViewer DEX <21.1 1E-Explorer component A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64988	Dec 11, 2025	Command Injection in TeamViewer DEX 1E-Nomad-GetCmContentLocations <V19.2 A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64987	Dec 11, 2025	TeamViewer DEX Command Injection via 1E-Explorer-TachyonCore-CheckSimpleIoC A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-64986	Dec 11, 2025	TeamViewer DEX - Authenticated Command Injection via 1E-Explorer-TachyonCore A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
CVE-2025-46266	Dec 11, 2025	TeamViewer DEX Client 25.11 NomadBranch.exe IP Leak Vulnerability A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information.
CVE-2025-44016	Dec 11, 2025	TeamViewer DEX Client <=25.11 Windows CI Validation Bypass (NomadBranch.exe) A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.
CVE-2025-12687	Dec 11, 2025	DoS in TeamViewer DEX Client NomadBranch.exe <25.11 via crafted cmd A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination.
CVE-2025-41421	Oct 01, 2025	TeamViewer 15.70: Symb. Link Escalation via Update Path Spoofing Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows in versions prior to 15.70 of TeamViewer Remote and Tensor allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.	Host Full Client
CVE-2025-36537	Jun 24, 2025	Permission Flaw in TeamViewer Client <=15.67 Enables SYSTEM File Delete Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.	Teamviewer
CVE-2025-0065	Jan 28, 2025	TeamViewer Clients <15.62: TA_Service.exe Arg Injection Escalate Privileges Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.	Teamviewer
CVE-2024-6053	Aug 28, 2024	TeamViewer Full Client v15.57 & Meeting v15.55.3 clipboard sync improper access control Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.	Meeting Teamviewer
CVE-2024-0819	Feb 27, 2024	TeamViewer Client <15.51.5 Escalation via Improper Defaults (CVE-2024-0819) Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.	Remote Teamviewer
CVE-2022-23242	Mar 23, 2022	TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.	Teamviewer
CVE-2021-35005	Jan 24, 2022	This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.	Teamviewer
CVE-2021-34858	Jan 13, 2022	This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13606.	Teamviewer
CVE-2021-34859	Oct 25, 2021	This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.	Teamviewer
CVE-2019-18988	Feb 07, 2020	TeamViewer Desktop through 14.7.1965 TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.	Teamviewer
CVE-2019-18251	Nov 26, 2019	In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.	Teamviewer
CVE-2019-11769	Sep 11, 2019	An issue was discovered in TeamViewer 14.2.2558 An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials.	Teamviewer
CVE-2018-16550	Sep 05, 2018	TeamViewer 10.x through 13.x TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.	Teamviewer
CVE-2018-14333	Jul 17, 2018	TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.	Teamviewer