CVE-2026-8381

EUVD-2026-31420

22.05.2026, 09:16

A broken access
control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not
correctly enforce authorization checks, allowing an authenticated user with low
privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with
low‑privileged credentials may exploit
this to gain unauthorized access to administrative or sensitive functionality.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Vulnerability Media Exposure

[GERMAN] TeamViewer: Schwachstelle ermöglicht Privilegieneskalation
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in TeamViewer ausnutzen, um seine Privilegien zu erhöhen.
Published: 2026-05-21T22:00:00+00:00

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/