CVE-2026-8381
Broken Access Control in TeamViewer DEX Platform (On Premises)
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
22 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A broken access
control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not
correctly enforce authorization checks, allowing an authenticated user with low
privileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with
low‑privileged credentials may exploit
this to gain unauthorized access to administrative or sensitive functionality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
TeamViewer · DEX (On-premises)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →