← voltar
CVE-2026-2695

Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)

CVSS 6.3 MEDIUMEPSS 0.2%CWE-20
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
TeamViewer · DEX (On-Premises)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/