CVE-2026-8381 PUBLISHED

Broken Access Control in TeamViewer DEX Platform (On Premises)

Assigner: TV
Reserved: 12.05.2026 Published: 22.05.2026 Updated: 22.05.2026

A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with low‑privileged credentials may exploit this to gain unauthorized access to administrative or sensitive functionality.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 5.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	TeamViewer
Product	DEX (On-premises)
Versions	Default: unaffected affected from 0 to 9.2 (excl.)

Solutions

Update to the latest version (9.2 or the latest version available).

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/

Problem Types

CWE-862 – Missing Authorization CWE

Impacts

CAPEC-122 Privilege Abuse