CVE-2026-2695
Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users with at least questioner privileges to inject commands in specific
instructions. Exploitation could lead to execution of elevated commands on
devices connected to the platform.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
TeamViewer · DEX (On-Premises)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →