Search criteria
2 vulnerabilities found for One by TeamViewer
CVE-2026-23572 (GCVE-0-2026-23572)
Vulnerability from nvd – Published: 2026-02-05 11:51 – Updated: 2026-02-05 14:11
VLAI?
Title
Improper Access Control in TeamViewer clients
Summary
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.
Severity ?
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TeamViewer | Remote |
Affected:
0 , < 15.74.5
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:10:57.741868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:11:05.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Remote",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Tensor",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "One",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T11:51:20.224Z",
"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"shortName": "TV"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the latest client version (15.74.5 or the latest version available).\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to the latest client version (15.74.5 or the latest version available)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TeamViewer clients",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an immediate update of the client is not possible\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and the use of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadditional\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;access controls is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequired\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u0026gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u201d.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u003e Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"assignerShortName": "TV",
"cveId": "CVE-2026-23572",
"datePublished": "2026-02-05T11:51:20.224Z",
"dateReserved": "2026-01-14T13:54:40.322Z",
"dateUpdated": "2026-02-05T14:11:05.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23572 (GCVE-0-2026-23572)
Vulnerability from cvelistv5 – Published: 2026-02-05 11:51 – Updated: 2026-02-05 14:11
VLAI?
Title
Improper Access Control in TeamViewer clients
Summary
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.
Severity ?
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TeamViewer | Remote |
Affected:
0 , < 15.74.5
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:10:57.741868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:11:05.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Remote",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Tensor",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Full Client",
"Host"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "One",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.74.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Improper access control in\u202fthe\u202fTeamViewer\u202fFull and Host clients\u202f(Windows,\u202fmacOS, Linux)\u202fprior\u202fversion\u202f15.74.5 allows an authenticated user\u202fto bypass\u202fadditional\u202faccess controls with\u202f\u201cAllow after\u202fconfirmation\u201d\u202fconfiguration\u202fin\u202fa\u202fremote session.\u202fAn exploit could result in unauthorized access prior to local confirmation.\u202fThe user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T11:51:20.224Z",
"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"shortName": "TV"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the latest client version (15.74.5 or the latest version available).\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to the latest client version (15.74.5 or the latest version available)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TeamViewer clients",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an immediate update of the client is not possible\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and the use of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadditional\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;access controls is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequired\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u0026gt; Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u201d.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "If an immediate update of the client is not possible\u00a0and the use of additional\u00a0access controls is required, the access control setting \u201cControl this computer \u2013 Allow after Confirmation\u201d can be set as mitigation. This prevents exploitation. The access controls can be configured in the Client Settings \u2013 \u201cAdvanced Options \u003e Advanced Settings for connections to this computer\u201d or via Policies \u201cAccess Control (incoming connections)\u201d."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"assignerShortName": "TV",
"cveId": "CVE-2026-23572",
"datePublished": "2026-02-05T11:51:20.224Z",
"dateReserved": "2026-01-14T13:54:40.322Z",
"dateUpdated": "2026-02-05T14:11:05.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}