TeamViewer DEX Platform BADC 9.2 broken access control in API
CVE-2026-8381 Published on May 22, 2026

Broken Access Control in TeamViewer DEX Platform (On Premises)
A broken access control vulnerability exists in the TeamViewer DEX Platform (On-Premises) prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher-privileged roles. An attacker with low-privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.

NVD

Vulnerability Analysis

CVE-2026-8381 can be exploited with network access and requires a small amount of user privileges. It is considered to have a low attack complexity. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-8381 has been classified as an AuthZ vulnerability or weakness.


Affected Versions

TeamViewer DEX (On-premises):