Digital Employee Experience
CVE-2026-23571
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
AnalysisAI
TeamViewer DEX versions below 24.5 allow authenticated users with actioner privileges to execute arbitrary elevated commands on connected hosts through inadequate input validation in the 1E-Nomad-RunPkgStatusRequest instruction. An attacker with these credentials could inject malicious commands to gain unauthorized system access and control. The vulnerability requires user interaction and high-level privileges but carries a significant risk due to the potential for complete system compromise.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Affects Digital Employee Experience. A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Digital Employee Experience
View allLog timestamp tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject mali
Log tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject, modify, or fo
TeamViewer DEX Client versions prior to 26.1 contain a null pointer dereference in the NomadBranch.exe Content Distribut
TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enable
Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBr
Digital Employee Experience is affected by cleartext transmission of sensitive information (CVSS 6.5).
Digital Employee Experience versions up to 26.1 is affected by improper link resolution before file access (CVSS 5.7).
Information disclosure and denial-of-service in TeamViewer DEX Client versions before 26.1 allows adjacent network attac
Same weakness CWE-20 – Improper Input Validation
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today