{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23572", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2026-01-14T13:54:40.322Z", "datePublished": "2026-02-05T11:51:20.224Z", "dateUpdated": "2026-02-05T14:11:05.910Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Full Client", "Host"], "platforms": ["Windows", "MacOS", "Linux"], "product": "Remote", "vendor": "TeamViewer", "versions": [{"lessThan": "15.74.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Full Client", "Host"], "platforms": ["Windows", "MacOS", "Linux"], "product": "Tensor", "vendor": "TeamViewer", "versions": [{"lessThan": "15.74.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Full Client", "Host"], "platforms": ["Windows", "MacOS", "Linux"], "product": "One", "vendor": "TeamViewer", "versions": [{"lessThan": "15.74.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}], "value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-02-05T11:51:20.224Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest client version (15.74.5 or the latest version available).</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>\n\n<br>"}], "value": "Update to the latest client version (15.74.5 or the latest version available)."}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Access Control in TeamViewer clients", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">If an immediate update of the client is not possible</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and the use of </span><span style=\"background-color: rgb(255, 255, 255);\">additional</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access controls is </span><span style=\"background-color: rgb(255, 255, 255);\">required</span><span style=\"background-color: rgb(255, 255, 255);\">, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options &gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)</span><span style=\"background-color: rgb(255, 255, 255);\">\u201d.</span>\n\n<br>"}], "value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options > Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T14:10:57.741868Z", "id": "CVE-2026-23572", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:11:05.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23572", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T14:10:57.741868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:11:00.715Z"}}], "cna": {"title": "Improper Access Control in TeamViewer clients", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TeamViewer", "modules": ["Full Client", "Host"], "product": "Remote", "versions": [{"status": "affected", "version": "0", "lessThan": "15.74.5", "versionType": "custom"}], "platforms": ["Windows", "MacOS", "Linux"], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["Full Client", "Host"], "product": "Tensor", "versions": [{"status": "affected", "version": "0", "lessThan": "15.74.5", "versionType": "custom"}], "platforms": ["Windows", "MacOS", "Linux"], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["Full Client", "Host"], "product": "One", "versions": [{"status": "affected", "version": "0", "lessThan": "15.74.5", "versionType": "custom"}], "platforms": ["Windows", "MacOS", "Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to the latest client version (15.74.5 or the latest version available).", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest client version (15.74.5 or the latest version available).</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"}], "workarounds": [{"lang": "en", "value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options > Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">If an immediate update of the client is not possible</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and the use of </span><span style=\"background-color: rgb(255, 255, 255);\">additional</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access controls is </span><span style=\"background-color: rgb(255, 255, 255);\">required</span><span style=\"background-color: rgb(255, 255, 255);\">, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options &gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)</span><span style=\"background-color: rgb(255, 255, 255);\">\u201d.</span>\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-02-05T11:51:20.224Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23572", "state": "PUBLISHED", "dateUpdated": "2026-02-05T14:11:05.910Z", "dateReserved": "2026-01-14T13:54:40.322Z", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "datePublished": "2026-02-05T11:51:20.224Z", "assignerShortName": "TV"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."}], "id": "CVE-2026-23572", "lastModified": "2026-02-05T14:57:20.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@teamviewer.com", "type": "Secondary"}]}, "published": "2026-02-05T12:16:01.607", "references": [{"source": "psirt@teamviewer.com", "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"}], "sourceIdentifier": "psirt@teamviewer.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "psirt@teamviewer.com", "type": "Secondary"}]}

{}

{"created": "2026-02-06T12:05:38.763645+00:00", "updated": "2026-02-06T12:05:38.763670+00:00", "vendors": ["teamviewer", "teamviewer$PRODUCT$full_client", "teamviewer$PRODUCT$host", "teamviewer$PRODUCT$teamviewer"]}