Security Bulletins

TV-2026-1005

Broken Access Control in TeamViewer DEX Platform (On‑Premises)

Bulletin ID
TV-2026-1005
Issue Date
May 22, 2026
Last Update
May 22, 2026
Priority
Moderate
CVSS
5.4 (Medium)
Assigned CVE
CVE-2026-8381
Affected Products
TeamViewer DEX Platform - On-Premises (formerly 1E DEX)

1. Summary

A broken access control vulnerability was identified in the TeamViewer DEX Platform (On‑Premises), where certain backend API endpoints do not sufficiently enforce server‑side authorization checks.

This allows authenticated users with low privileges to access or perform actions that should be restricted to higher‑privileged roles, such as administrative users.

2. Vulnerability details

CVE-ID

CVE-2026-8381

Description

A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher‑privileged roles.

 

An attacker with low‑privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.

 

The vulnerability has been fixed with version 9.2 and additional versions listed below. We recommend updating to the latest available version.

 

TeamViewer is not aware of any indications that this vulnerability has been exploited in the wild.

CVSS3.1 Score

Base Score 5.4 (Medium)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem type

CWE-862: Missing Authorization

3. Affected software and versions

Product
Versions
Info

TeamViewer DEX Platform (On-Premises)

< 9.2

New version available via Support Portal

4. Solutions and mitigations

Update to the latest version (v9.2 or the latest version available).